Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2009-2412
Vulnerability from cvelistv5
Published
2009-08-06 15:00
Modified
2024-08-07 05:52
Severity ?
EPSS score ?
Summary
Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:52:14.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SA:2009:050",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html"
},
{
"name": "36233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36233"
},
{
"name": "ADV-2010-1107",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1107"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/CHANGES?revision=800736\u0026view=markup"
},
{
"name": "37152",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37152"
},
{
"name": "SUSE-SR:2010:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"name": "36140",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36140"
},
{
"name": "56765",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/56765"
},
{
"name": "PK99482",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99482"
},
{
"name": "56766",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/56766"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/misc/apr_rmm.c?r1=230441\u0026r2=800736"
},
{
"name": "35949",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35949"
},
{
"name": "PK93225",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK93225"
},
{
"name": "36166",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36166"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/CHANGES?revision=800735\u0026view=markup"
},
{
"name": "oval:org.mitre.oval:def:8394",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8394"
},
{
"name": "36138",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36138"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/memory/unix/apr_pools.c?r1=585356\u0026r2=800733"
},
{
"name": "USN-813-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-813-2"
},
{
"name": "37221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37221"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/CHANGES?revision=800733\u0026view=markup"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "oval:org.mitre.oval:def:9958",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9958"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/CHANGES?revision=800732\u0026view=markup"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/misc/apr_rmm.c?r1=647687\u0026r2=800735"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "MDVSA-2009:195",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:195"
},
{
"name": "FEDORA-2009-8336",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00320.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/memory/unix/apr_pools.c?r1=678140\u0026r2=800732"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3937"
},
{
"name": "FEDORA-2009-8360",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00353.html"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [6/13] - /httpd/site/trunk/content/security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [7/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-06T10:10:18",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SUSE-SA:2009:050",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html"
},
{
"name": "36233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36233"
},
{
"name": "ADV-2010-1107",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1107"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/CHANGES?revision=800736\u0026view=markup"
},
{
"name": "37152",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37152"
},
{
"name": "SUSE-SR:2010:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"name": "36140",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36140"
},
{
"name": "56765",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/56765"
},
{
"name": "PK99482",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99482"
},
{
"name": "56766",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/56766"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/misc/apr_rmm.c?r1=230441\u0026r2=800736"
},
{
"name": "35949",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35949"
},
{
"name": "PK93225",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK93225"
},
{
"name": "36166",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36166"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/CHANGES?revision=800735\u0026view=markup"
},
{
"name": "oval:org.mitre.oval:def:8394",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8394"
},
{
"name": "36138",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36138"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/memory/unix/apr_pools.c?r1=585356\u0026r2=800733"
},
{
"name": "USN-813-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-813-2"
},
{
"name": "37221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37221"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/CHANGES?revision=800733\u0026view=markup"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "oval:org.mitre.oval:def:9958",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9958"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/CHANGES?revision=800732\u0026view=markup"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/misc/apr_rmm.c?r1=647687\u0026r2=800735"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "MDVSA-2009:195",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:195"
},
{
"name": "FEDORA-2009-8336",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00320.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/memory/unix/apr_pools.c?r1=678140\u0026r2=800732"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3937"
},
{
"name": "FEDORA-2009-8360",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00353.html"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [6/13] - /httpd/site/trunk/content/security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [7/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-2412",
"datePublished": "2009-08-06T15:00:00",
"dateReserved": "2009-07-09T00:00:00",
"dateUpdated": "2024-08-07T05:52:14.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:apr-util:0.9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6EC87975-74CA-42E6-84ED-0DD2BF9FFC78\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:apr-util:0.9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A896FA5-D3FC-4BD9-965A-C9A72D62780D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:apr-util:0.9.2-dev:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8EC4D99D-9753-4C59-BBB5-959D42382DD5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:apr-util:0.9.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D8EDB1D0-82A9-462F-9B3B-0EDF452341E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:apr-util:0.9.3-dev:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3A8DC96A-6D25-4E98-808E-5159F8369224\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:apr-util:0.9.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9DFFEDC-F5C7-47C7-95A9-6BF4208A1B48\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:apr-util:0.9.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E87B09F2-ECEA-409D-B27B-0747280D4AC6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:apr-util:0.9.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"126268B4-03AF-46B1-9840-80CB461429E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:apr-util:0.9.7-dev:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9A6CE4A-9BA3-4936-B9EA-B8B649B3AF84\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:apr-util:0.9.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0760EF10-E57D-42C6-AB26-9FCFAE40062F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:apr-util:0.9.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC6D2840-FF47-470F-B124-743592A6B465\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:apr-util:0.9.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56723D23-E6BC-4BB6-931E-5802528BE4A4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:apr-util:1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1E706184-E7BC-452F-82FE-72EA8C37F4D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:apr-util:1.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"867962AD-8EF4-4DC4-96F6-77896CEF3F92\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:apr-util:1.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0EB78030-8C3B-4ACA-B62B-DC5DC5FBD073\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:apr-util:1.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E53CBDDE-D914-49A8-B65C-9352487B3CBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:apr-util:1.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3C48811-5237-4752-857E-AEA5E879505A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:apr-util:1.3.4-dev:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88051185-C7B3-4540-BE0D-47B34FA4EC3C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:apr-util:1.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC3307A0-BCD6-423F-AC32-2E4F1E1310F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:apr-util:1.3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA93EC05-1936-4A2A-BFE1-E3F3BA2FD20F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:apr-util:1.3.6-dev:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC4B4907-8186-487C-97E8-A00BEC3D8116\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:apr-util:1.3.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E3B4C44-163C-4D92-9BB0-C3BEC4F65665\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:apr-util:1.3.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6EBD5602-6DE8-47EC-8464-150D2AA562BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:portable_runtime:0.9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BAC9B4C4-ABC3-4306-A207-41E43B1BE20F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:portable_runtime:0.9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"802A56B5-E4CC-49ED-A5EF-7F1BECBA2811\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:portable_runtime:0.9.2-dev:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"86D62910-DF77-4DA5-B2E0-9C645DE21FE8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:portable_runtime:0.9.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"55CEAFE5-CD77-48C4-8B5E-A4FA173D5590\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:portable_runtime:0.9.3-dev:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"18A3B6CD-8D8A-47F1-8021-3779F3882E4F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:portable_runtime:0.9.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C4C28F7-946E-4A8A-8D02-1166EE14E891\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:portable_runtime:0.9.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"280DCE6C-A529-4B61-80E4-D0C66D1FA709\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:portable_runtime:0.9.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8ECEA4AB-80B3-4E4D-A634-6A37E0C7A1F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:portable_runtime:0.9.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"57DE26CB-8B98-4ADE-A9A5-8DC3020D03FA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:portable_runtime:0.9.7-dev:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7686BB5B-9DD3-43DF-8852-2721D158AC81\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:portable_runtime:0.9.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4A13FE2-5580-446F-9963-DB978B97BCA6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:portable_runtime:0.9.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F66FC842-29BD-4889-8436-D4BE271CE0AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:portable_runtime:0.9.16-dev:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97664E40-9802-4FFE-9AD1-78CE05B82FEB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:portable_runtime:1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CB66AD7D-FF60-4320-A8AF-448836E61FBB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:portable_runtime:1.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A42AC519-7FB4-4911-BA47-9CC87D0EA874\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:portable_runtime:1.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AFE38C6B-4042-4A01-9686-8CD38C995C80\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:portable_runtime:1.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"910818CC-6EED-4E78-B85C-51AAC3A945D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:portable_runtime:1.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C8176D3-0632-4D2C-B992-8FE32B023B45\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:portable_runtime:1.3.4-dev:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D1F3F02-BED5-42D6-92D9-AA0A5336F1D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:portable_runtime:1.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"25BE556A-5036-4CCC-A597-CA1FC1F89B11\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:portable_runtime:1.3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99A5A93F-2BD6-4DAE-854F-8CF4FC32C6C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:portable_runtime:1.3.6-dev:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C35911DF-832A-417D-92C4-5DF02E5EC164\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:portable_runtime:1.3.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A93F3369-74F6-49D0-94A3-C20603C43B08\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:portable_runtime:1.3.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA090A3B-F678-4078-9B7A-6BF3E88F4F0A\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples desbordamientos de entero en la biblioteca Apache Portable Runtime (APR) y en la biblioteca Apache Portable Utility (alias ARP-util) v0.9.x y v1.3.x permite a atacantes remotos provocar una denegaci\\u00f3n de servicio (cuelgue de aplicaci\\u00f3n) o posiblemente ejecutar c\\u00f3digo arbitrario a trav\\u00e9s de vectores que disparan las llamadas manipuladas a funciones (1) allocator_alloc o (2) apr_palloc en memory/unix/apr_pools.c en APR; o llamadas manipuladas a funciones (3) apr_rmm_malloc, (4) apr_rmm_calloc, o (5) apr_rmm_realloc en misc/apr_rmm.c en APR-util; desencadenando en desbordamientos de b\\u00fafer. NOTA: algunos de estos detalles se obtienen a partir de informaci\\u00f3n de terceros.\"}]",
"id": "CVE-2009-2412",
"lastModified": "2024-11-21T01:04:48.743",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2009-08-06T15:30:00.280",
"references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://osvdb.org/56765\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://osvdb.org/56766\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/36138\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/36140\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/36166\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/36233\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/37152\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/37221\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://support.apple.com/kb/HT3937\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/CHANGES?revision=800736\u0026view=markup\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/misc/apr_rmm.c?r1=230441\u0026r2=800736\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/CHANGES?revision=800735\u0026view=markup\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/misc/apr_rmm.c?r1=647687\u0026r2=800735\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/CHANGES?revision=800733\u0026view=markup\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/memory/unix/apr_pools.c?r1=585356\u0026r2=800733\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/CHANGES?revision=800732\u0026view=markup\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/memory/unix/apr_pools.c?r1=678140\u0026r2=800732\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg1PK93225\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg1PK99482\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2009:195\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/35949\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.ubuntu.com/usn/usn-813-2\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/3184\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/1107\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8394\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9958\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00320.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00353.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/56765\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/56766\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/36138\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/36140\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/36166\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/36233\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/37152\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/37221\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.apple.com/kb/HT3937\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/CHANGES?revision=800736\u0026view=markup\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/misc/apr_rmm.c?r1=230441\u0026r2=800736\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/CHANGES?revision=800735\u0026view=markup\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/misc/apr_rmm.c?r1=647687\u0026r2=800735\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/CHANGES?revision=800733\u0026view=markup\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/memory/unix/apr_pools.c?r1=585356\u0026r2=800733\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/CHANGES?revision=800732\u0026view=markup\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/memory/unix/apr_pools.c?r1=678140\u0026r2=800732\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg1PK93225\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg1PK99482\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2009:195\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/35949\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.ubuntu.com/usn/usn-813-2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/3184\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/1107\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8394\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9958\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00320.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00353.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-189\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2009-2412\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2009-08-06T15:30:00.280\",\"lastModified\":\"2024-11-21T01:04:48.743\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples desbordamientos de entero en la biblioteca Apache Portable Runtime (APR) y en la biblioteca Apache Portable Utility (alias ARP-util) v0.9.x y v1.3.x permite a atacantes remotos provocar una denegaci\u00f3n de servicio (cuelgue de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores que disparan las llamadas manipuladas a funciones (1) allocator_alloc o (2) apr_palloc en memory/unix/apr_pools.c en APR; o llamadas manipuladas a funciones (3) apr_rmm_malloc, (4) apr_rmm_calloc, o (5) apr_rmm_realloc en misc/apr_rmm.c en APR-util; desencadenando en desbordamientos de b\u00fafer. NOTA: algunos de estos detalles se obtienen a partir de informaci\u00f3n de terceros.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-189\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:apr-util:0.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EC87975-74CA-42E6-84ED-0DD2BF9FFC78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:apr-util:0.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A896FA5-D3FC-4BD9-965A-C9A72D62780D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:apr-util:0.9.2-dev:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EC4D99D-9753-4C59-BBB5-959D42382DD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:apr-util:0.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8EDB1D0-82A9-462F-9B3B-0EDF452341E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:apr-util:0.9.3-dev:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A8DC96A-6D25-4E98-808E-5159F8369224\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:apr-util:0.9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9DFFEDC-F5C7-47C7-95A9-6BF4208A1B48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:apr-util:0.9.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E87B09F2-ECEA-409D-B27B-0747280D4AC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:apr-util:0.9.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"126268B4-03AF-46B1-9840-80CB461429E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:apr-util:0.9.7-dev:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9A6CE4A-9BA3-4936-B9EA-B8B649B3AF84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:apr-util:0.9.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0760EF10-E57D-42C6-AB26-9FCFAE40062F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:apr-util:0.9.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC6D2840-FF47-470F-B124-743592A6B465\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:apr-util:0.9.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56723D23-E6BC-4BB6-931E-5802528BE4A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:apr-util:1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E706184-E7BC-452F-82FE-72EA8C37F4D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:apr-util:1.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"867962AD-8EF4-4DC4-96F6-77896CEF3F92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:apr-util:1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EB78030-8C3B-4ACA-B62B-DC5DC5FBD073\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:apr-util:1.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E53CBDDE-D914-49A8-B65C-9352487B3CBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:apr-util:1.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3C48811-5237-4752-857E-AEA5E879505A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:apr-util:1.3.4-dev:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88051185-C7B3-4540-BE0D-47B34FA4EC3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:apr-util:1.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC3307A0-BCD6-423F-AC32-2E4F1E1310F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:apr-util:1.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA93EC05-1936-4A2A-BFE1-E3F3BA2FD20F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:apr-util:1.3.6-dev:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC4B4907-8186-487C-97E8-A00BEC3D8116\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:apr-util:1.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E3B4C44-163C-4D92-9BB0-C3BEC4F65665\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:apr-util:1.3.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EBD5602-6DE8-47EC-8464-150D2AA562BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:portable_runtime:0.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAC9B4C4-ABC3-4306-A207-41E43B1BE20F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:portable_runtime:0.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"802A56B5-E4CC-49ED-A5EF-7F1BECBA2811\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:portable_runtime:0.9.2-dev:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86D62910-DF77-4DA5-B2E0-9C645DE21FE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:portable_runtime:0.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55CEAFE5-CD77-48C4-8B5E-A4FA173D5590\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:portable_runtime:0.9.3-dev:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18A3B6CD-8D8A-47F1-8021-3779F3882E4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:portable_runtime:0.9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C4C28F7-946E-4A8A-8D02-1166EE14E891\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:portable_runtime:0.9.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"280DCE6C-A529-4B61-80E4-D0C66D1FA709\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:portable_runtime:0.9.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ECEA4AB-80B3-4E4D-A634-6A37E0C7A1F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:portable_runtime:0.9.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57DE26CB-8B98-4ADE-A9A5-8DC3020D03FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:portable_runtime:0.9.7-dev:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7686BB5B-9DD3-43DF-8852-2721D158AC81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:portable_runtime:0.9.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4A13FE2-5580-446F-9963-DB978B97BCA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:portable_runtime:0.9.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F66FC842-29BD-4889-8436-D4BE271CE0AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:portable_runtime:0.9.16-dev:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97664E40-9802-4FFE-9AD1-78CE05B82FEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:portable_runtime:1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB66AD7D-FF60-4320-A8AF-448836E61FBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:portable_runtime:1.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A42AC519-7FB4-4911-BA47-9CC87D0EA874\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:portable_runtime:1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFE38C6B-4042-4A01-9686-8CD38C995C80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:portable_runtime:1.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"910818CC-6EED-4E78-B85C-51AAC3A945D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:portable_runtime:1.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C8176D3-0632-4D2C-B992-8FE32B023B45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:portable_runtime:1.3.4-dev:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D1F3F02-BED5-42D6-92D9-AA0A5336F1D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:portable_runtime:1.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25BE556A-5036-4CCC-A597-CA1FC1F89B11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:portable_runtime:1.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99A5A93F-2BD6-4DAE-854F-8CF4FC32C6C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:portable_runtime:1.3.6-dev:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C35911DF-832A-417D-92C4-5DF02E5EC164\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:portable_runtime:1.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A93F3369-74F6-49D0-94A3-C20603C43B08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:portable_runtime:1.3.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA090A3B-F678-4078-9B7A-6BF3E88F4F0A\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://osvdb.org/56765\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://osvdb.org/56766\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/36138\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/36140\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/36166\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/36233\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/37152\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/37221\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://support.apple.com/kb/HT3937\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/CHANGES?revision=800736\u0026view=markup\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/misc/apr_rmm.c?r1=230441\u0026r2=800736\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/CHANGES?revision=800735\u0026view=markup\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/misc/apr_rmm.c?r1=647687\u0026r2=800735\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/CHANGES?revision=800733\u0026view=markup\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/memory/unix/apr_pools.c?r1=585356\u0026r2=800733\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/CHANGES?revision=800732\u0026view=markup\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/memory/unix/apr_pools.c?r1=678140\u0026r2=800732\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1PK93225\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1PK99482\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:195\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/35949\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.ubuntu.com/usn/usn-813-2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/3184\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1107\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8394\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9958\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00320.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00353.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/56765\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/56766\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/36138\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/36140\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/36166\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/36233\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/37152\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/37221\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT3937\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/CHANGES?revision=800736\u0026view=markup\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/misc/apr_rmm.c?r1=230441\u0026r2=800736\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/CHANGES?revision=800735\u0026view=markup\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/misc/apr_rmm.c?r1=647687\u0026r2=800735\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/CHANGES?revision=800733\u0026view=markup\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/memory/unix/apr_pools.c?r1=585356\u0026r2=800733\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/CHANGES?revision=800732\u0026view=markup\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/memory/unix/apr_pools.c?r1=678140\u0026r2=800732\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1PK93225\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1PK99482\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:195\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/35949\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.ubuntu.com/usn/usn-813-2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/3184\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1107\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8394\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9958\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00320.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00353.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
RHSA-2010:0602
Vulnerability from csaf_redhat
Published
2010-08-04 21:30
Modified
2024-12-15 18:14
Summary
Red Hat Security Advisory: Red Hat Certificate System 7.3 security update
Notes
Topic
Updated packages that fix multiple security issues and rebase various
components are now available for Red Hat Certificate System 7.3.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat Certificate System (RHCS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
Multiple buffer overflow flaws were discovered in the way the pcscd daemon,
a resource manager that coordinates communications with smart card readers
and smart cards connected to the system, handled client requests. A local
user could create a specially-crafted request that would cause the pcscd
daemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407,
CVE-2009-4901)
This erratum updates the Tomcat component shipped as part of Red Hat
Certificate System to version 5.5.23, to address multiple security issues.
In a typical operating environment, Tomcat is not exposed to users of
Certificate System in a vulnerable manner. These security updates will
reduce risk in unique Certificate System environments. (CVE-2005-2090,
CVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382,
CVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232,
CVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580)
This erratum provides updated versions of the following components,
required by the updated Tomcat version: ant, avalon-logkit, axis,
classpathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler,
log4j, mx4j, xerces-j2, and xml-commons.
A number of components have been updated to fix security issues for users
of Red Hat Certificate System for the Solaris operating system. These fixes
are for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023,
CVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues
CVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847,
CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364,
CVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and
CVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116
and CVE-2008-1927.
Note: Updated apr, apr-util, httpd, mod_perl, and perl packages were
previously available to users of Red Hat Certificate System for Red Hat
Enterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat
Network.
Additionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,
rhpki-java-tools, and rhpki-native-tools packages were updated to address
some anomalous behavior on the Solaris operating system. (BZ#600513,
BZ#605760)
As well, this update provides an updated rhpki-manage package, which
includes installation and uninstall scripts for Red Hat Certificate System
that have been updated with the list of packages required by the Tomcat
component, and an updated dependency on the NSS and NSPR packages.
All users of Red Hat Certificate System are advised to upgrade to these
updated packages, which correct these issues. Refer to the Red Hat
Certificate System Administration Guide, linked to in the References, for
details on how to install the updated packages on the Solaris operating
system. After installing this update, all Red Hat Certificate System
subsystems must be restarted ("/etc/init.d/[instance-name] restart") for
the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated packages that fix multiple security issues and rebase various\ncomponents are now available for Red Hat Certificate System 7.3.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Certificate System (RHCS) is an enterprise software system designed\nto manage enterprise Public Key Infrastructure (PKI) deployments.\n\nMultiple buffer overflow flaws were discovered in the way the pcscd daemon,\na resource manager that coordinates communications with smart card readers\nand smart cards connected to the system, handled client requests. A local\nuser could create a specially-crafted request that would cause the pcscd\ndaemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407,\nCVE-2009-4901)\n\nThis erratum updates the Tomcat component shipped as part of Red Hat\nCertificate System to version 5.5.23, to address multiple security issues.\nIn a typical operating environment, Tomcat is not exposed to users of\nCertificate System in a vulnerable manner. These security updates will\nreduce risk in unique Certificate System environments. (CVE-2005-2090,\nCVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382,\nCVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232,\nCVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580)\n\nThis erratum provides updated versions of the following components,\nrequired by the updated Tomcat version: ant, avalon-logkit, axis,\nclasspathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler,\nlog4j, mx4j, xerces-j2, and xml-commons.\n\nA number of components have been updated to fix security issues for users\nof Red Hat Certificate System for the Solaris operating system. These fixes\nare for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023,\nCVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues\nCVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847,\nCVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364,\nCVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and\nCVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116\nand CVE-2008-1927.\n\nNote: Updated apr, apr-util, httpd, mod_perl, and perl packages were\npreviously available to users of Red Hat Certificate System for Red Hat\nEnterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat\nNetwork.\n\nAdditionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,\nrhpki-java-tools, and rhpki-native-tools packages were updated to address\nsome anomalous behavior on the Solaris operating system. (BZ#600513,\nBZ#605760)\n\nAs well, this update provides an updated rhpki-manage package, which\nincludes installation and uninstall scripts for Red Hat Certificate System\nthat have been updated with the list of packages required by the Tomcat\ncomponent, and an updated dependency on the NSS and NSPR packages.\n\nAll users of Red Hat Certificate System are advised to upgrade to these\nupdated packages, which correct these issues. Refer to the Red Hat\nCertificate System Administration Guide, linked to in the References, for\ndetails on how to install the updated packages on the Solaris operating\nsystem. After installing this update, all Red Hat Certificate System\nsubsystems must be restarted (\"/etc/init.d/[instance-name] restart\") for\nthe update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0602",
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
},
{
"category": "external",
"summary": "http://www.redhat.com/security/updates/classification/#moderate",
"url": "http://www.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html",
"url": "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html"
},
{
"category": "external",
"summary": "200732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=200732"
},
{
"category": "external",
"summary": "237079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237079"
},
{
"category": "external",
"summary": "237080",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237080"
},
{
"category": "external",
"summary": "237084",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237084"
},
{
"category": "external",
"summary": "237085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237085"
},
{
"category": "external",
"summary": "240423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=240423"
},
{
"category": "external",
"summary": "244658",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=244658"
},
{
"category": "external",
"summary": "244803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=244803"
},
{
"category": "external",
"summary": "245111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=245111"
},
{
"category": "external",
"summary": "245112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=245112"
},
{
"category": "external",
"summary": "247972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=247972"
},
{
"category": "external",
"summary": "247976",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=247976"
},
{
"category": "external",
"summary": "250731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=250731"
},
{
"category": "external",
"summary": "289511",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511"
},
{
"category": "external",
"summary": "323571",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=323571"
},
{
"category": "external",
"summary": "333791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
},
{
"category": "external",
"summary": "419931",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931"
},
{
"category": "external",
"summary": "427228",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228"
},
{
"category": "external",
"summary": "427739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427739"
},
{
"category": "external",
"summary": "427766",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766"
},
{
"category": "external",
"summary": "429821",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429821"
},
{
"category": "external",
"summary": "443928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=443928"
},
{
"category": "external",
"summary": "451615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=451615"
},
{
"category": "external",
"summary": "457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "external",
"summary": "458250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=458250"
},
{
"category": "external",
"summary": "493381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381"
},
{
"category": "external",
"summary": "503928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928"
},
{
"category": "external",
"summary": "503978",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
},
{
"category": "external",
"summary": "504390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504390"
},
{
"category": "external",
"summary": "504555",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504555"
},
{
"category": "external",
"summary": "504753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
},
{
"category": "external",
"summary": "509125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125"
},
{
"category": "external",
"summary": "515698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
},
{
"category": "external",
"summary": "521619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=521619"
},
{
"category": "external",
"summary": "522209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=522209"
},
{
"category": "external",
"summary": "570171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=570171"
},
{
"category": "external",
"summary": "596426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0602.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Certificate System 7.3 security update",
"tracking": {
"current_release_date": "2024-12-15T18:14:44+00:00",
"generator": {
"date": "2024-12-15T18:14:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2010:0602",
"initial_release_date": "2010-08-04T21:30:00+00:00",
"revision_history": [
{
"date": "2010-08-04T21:30:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-08-05T10:04:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-15T18:14:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Certificate System 7.3 for 4AS",
"product": {
"name": "Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:certificate_system:7.3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Certificate System 7.3 for 4ES",
"product": {
"name": "Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:certificate_system:7.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat Certificate System"
},
{
"branches": [
{
"category": "product_version",
"name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"product": {
"name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"product_id": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-apis@1.3.02-2jpp_1rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
"product": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
"product_id": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"product": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"product_id": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ant-0:1.6.5-1jpp_1rh.noarch",
"product": {
"name": "ant-0:1.6.5-1jpp_1rh.noarch",
"product_id": "ant-0:1.6.5-1jpp_1rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
"product": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
"product_id": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "axis-0:1.2.1-1jpp_3rh.noarch",
"product": {
"name": "axis-0:1.2.1-1jpp_3rh.noarch",
"product_id": "axis-0:1.2.1-1jpp_3rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"product": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"product_id": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"product": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"product_id": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "log4j-0:1.2.12-1jpp_1rh.noarch",
"product": {
"name": "log4j-0:1.2.12-1jpp_1rh.noarch",
"product_id": "log4j-0:1.2.12-1jpp_1rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mx4j-1:3.0.1-1jpp_4rh.noarch",
"product": {
"name": "mx4j-1:3.0.1-1jpp_4rh.noarch",
"product_id": "mx4j-1:3.0.1-1jpp_4rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"product": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"product_id": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-manage-0:7.3.0-19.el4.noarch",
"product": {
"name": "rhpki-manage-0:7.3.0-19.el4.noarch",
"product_id": "rhpki-manage-0:7.3.0-19.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-manage@7.3.0-19.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-ca-0:7.3.0-20.el4.noarch",
"product": {
"name": "rhpki-ca-0:7.3.0-20.el4.noarch",
"product_id": "rhpki-ca-0:7.3.0-20.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-ca@7.3.0-20.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-kra-0:7.3.0-14.el4.noarch",
"product": {
"name": "rhpki-kra-0:7.3.0-14.el4.noarch",
"product_id": "rhpki-kra-0:7.3.0-14.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-kra@7.3.0-14.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-tks-0:7.3.0-13.el4.noarch",
"product": {
"name": "rhpki-tks-0:7.3.0-13.el4.noarch",
"product_id": "rhpki-tks-0:7.3.0-13.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-tks@7.3.0-13.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
"product": {
"name": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
"product_id": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-ocsp@7.3.0-13.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
"product": {
"name": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
"product_id": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-java-tools@7.3.0-10.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-jms-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-jta-1.0.1B-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-j2ee-deployment-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-ejb-2.1-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-servlet-2.4-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-specs-javadoc@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-j2ee-1.4-apis@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-j2ee-connector-1.5-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-jsp-2.0-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-j2ee-management-1.0-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "xml-commons-0:1.3.02-2jpp_1rh.src",
"product": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.src",
"product_id": "xml-commons-0:1.3.02-2jpp_1rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "xerces-j2-0:2.7.1-1jpp_1rh.src",
"product": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.src",
"product_id": "xerces-j2-0:2.7.1-1jpp_1rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "ant-0:1.6.5-1jpp_1rh.src",
"product": {
"name": "ant-0:1.6.5-1jpp_1rh.src",
"product_id": "ant-0:1.6.5-1jpp_1rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "avalon-logkit-0:1.2-2jpp_4rh.src",
"product": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.src",
"product_id": "avalon-logkit-0:1.2-2jpp_4rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "axis-0:1.2.1-1jpp_3rh.src",
"product": {
"name": "axis-0:1.2.1-1jpp_3rh.src",
"product_id": "axis-0:1.2.1-1jpp_3rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "classpathx-jaf-0:1.0-2jpp_6rh.src",
"product": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.src",
"product_id": "classpathx-jaf-0:1.0-2jpp_6rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
"product": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
"product_id": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "log4j-0:1.2.12-1jpp_1rh.src",
"product": {
"name": "log4j-0:1.2.12-1jpp_1rh.src",
"product_id": "log4j-0:1.2.12-1jpp_1rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "mx4j-1:3.0.1-1jpp_4rh.src",
"product": {
"name": "mx4j-1:3.0.1-1jpp_4rh.src",
"product_id": "mx4j-1:3.0.1-1jpp_4rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"product": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"product_id": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
"product": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
"product_id": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=src"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-0:1.3.3-3.el4.src",
"product": {
"name": "pcsc-lite-0:1.3.3-3.el4.src",
"product_id": "pcsc-lite-0:1.3.3-3.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"product": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"product_id": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"product": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"product_id": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"product": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"product_id": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"product": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"product_id": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-0:1.3.3-3.el4.x86_64",
"product": {
"name": "pcsc-lite-0:1.3.3-3.el4.x86_64",
"product_id": "pcsc-lite-0:1.3.3-3.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"product": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"product_id": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhpki-native-tools-0:7.3.0-6.el4.i386",
"product": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.i386",
"product_id": "rhpki-native-tools-0:7.3.0-6.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"product": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"product_id": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
"product": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
"product_id": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-0:1.3.3-3.el4.i386",
"product": {
"name": "pcsc-lite-0:1.3.3-3.el4.i386",
"product_id": "pcsc-lite-0:1.3.3-3.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
"product": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
"product_id": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch"
},
"product_reference": "ant-0:1.6.5-1jpp_1rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src"
},
"product_reference": "ant-0:1.6.5-1jpp_1rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch"
},
"product_reference": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src"
},
"product_reference": "avalon-logkit-0:1.2-2jpp_4rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch"
},
"product_reference": "axis-0:1.2.1-1jpp_3rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src"
},
"product_reference": "axis-0:1.2.1-1jpp_3rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch"
},
"product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src"
},
"product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch"
},
"product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src"
},
"product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src"
},
"product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch"
},
"product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src"
},
"product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch"
},
"product_reference": "log4j-0:1.2.12-1jpp_1rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src"
},
"product_reference": "log4j-0:1.2.12-1jpp_1rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch"
},
"product_reference": "mx4j-1:3.0.1-1jpp_4rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src"
},
"product_reference": "mx4j-1:3.0.1-1jpp_4rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch"
},
"product_reference": "rhpki-ca-0:7.3.0-20.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch"
},
"product_reference": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch"
},
"product_reference": "rhpki-kra-0:7.3.0-14.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch"
},
"product_reference": "rhpki-manage-0:7.3.0-19.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386"
},
"product_reference": "rhpki-native-tools-0:7.3.0-6.el4.i386",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64"
},
"product_reference": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch"
},
"product_reference": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch"
},
"product_reference": "rhpki-tks-0:7.3.0-13.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch"
},
"product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src"
},
"product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch"
},
"product_reference": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src"
},
"product_reference": "xml-commons-0:1.3.02-2jpp_1rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
},
"product_reference": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch"
},
"product_reference": "ant-0:1.6.5-1jpp_1rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src"
},
"product_reference": "ant-0:1.6.5-1jpp_1rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch"
},
"product_reference": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src"
},
"product_reference": "avalon-logkit-0:1.2-2jpp_4rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch"
},
"product_reference": "axis-0:1.2.1-1jpp_3rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src"
},
"product_reference": "axis-0:1.2.1-1jpp_3rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch"
},
"product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src"
},
"product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch"
},
"product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src"
},
"product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src"
},
"product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch"
},
"product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src"
},
"product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch"
},
"product_reference": "log4j-0:1.2.12-1jpp_1rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src"
},
"product_reference": "log4j-0:1.2.12-1jpp_1rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch"
},
"product_reference": "mx4j-1:3.0.1-1jpp_4rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src"
},
"product_reference": "mx4j-1:3.0.1-1jpp_4rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch"
},
"product_reference": "rhpki-ca-0:7.3.0-20.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch"
},
"product_reference": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch"
},
"product_reference": "rhpki-kra-0:7.3.0-14.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch"
},
"product_reference": "rhpki-manage-0:7.3.0-19.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386"
},
"product_reference": "rhpki-native-tools-0:7.3.0-6.el4.i386",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64"
},
"product_reference": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch"
},
"product_reference": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch"
},
"product_reference": "rhpki-tks-0:7.3.0-13.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch"
},
"product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src"
},
"product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch"
},
"product_reference": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src"
},
"product_reference": "xml-commons-0:1.3.02-2jpp_1rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
},
"product_reference": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2005-2090",
"discovery_date": "2005-06-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "237079"
}
],
"notes": [
{
"category": "description",
"text": "Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat multiple content-length header poisioning",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2005-2090"
},
{
"category": "external",
"summary": "RHBZ#237079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237079"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2005-2090",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-2090"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090"
}
],
"release_date": "2005-06-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat multiple content-length header poisioning"
},
{
"cve": "CVE-2005-3510",
"discovery_date": "2005-11-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "237085"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat DoS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2005-3510"
},
{
"category": "external",
"summary": "RHBZ#237085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237085"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2005-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-3510"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510"
}
],
"release_date": "2005-11-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat DoS"
},
{
"cve": "CVE-2006-3835",
"discovery_date": "2006-07-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "237084"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat directory listing issue",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is not a security issue in Tomcat itself, but is caused when directory listings are enabled.\n\nDetails on how to disable directory listings are available at: http://tomcat.apache.org/faq/misc.html#listing",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-3835"
},
{
"category": "external",
"summary": "RHBZ#237084",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237084"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-3835",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3835"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835"
}
],
"release_date": "2006-07-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat directory listing issue"
},
{
"cve": "CVE-2006-3918",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2006-07-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "200732"
}
],
"notes": [
{
"category": "description",
"text": "http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Expect header XSS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-3918"
},
{
"category": "external",
"summary": "RHBZ#200732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=200732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-3918",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3918"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3918",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3918"
}
],
"release_date": "2006-05-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Expect header XSS"
},
{
"cve": "CVE-2006-5752",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2007-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "245112"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform \"charset detection\" when the content-type is not specified.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd mod_status XSS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-5752"
},
{
"category": "external",
"summary": "RHBZ#245112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=245112"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-5752",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-5752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752"
}
],
"release_date": "2007-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd mod_status XSS"
},
{
"cve": "CVE-2007-0450",
"discovery_date": "2007-03-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "237080"
}
],
"notes": [
{
"category": "description",
"text": "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat directory traversal",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-0450"
},
{
"category": "external",
"summary": "RHBZ#237080",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237080"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0450"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450"
}
],
"release_date": "2007-03-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat directory traversal"
},
{
"cve": "CVE-2007-1349",
"discovery_date": "2007-05-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "240423"
}
],
"notes": [
{
"category": "description",
"text": "PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_perl PerlRun denial of service",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-1349"
},
{
"category": "external",
"summary": "RHBZ#240423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=240423"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-1349",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1349"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349"
}
],
"release_date": "2007-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mod_perl PerlRun denial of service"
},
{
"cve": "CVE-2007-1358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2007-04-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "244803"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\".",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat accept-language xss flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-1358"
},
{
"category": "external",
"summary": "RHBZ#244803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=244803"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-1358",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358"
}
],
"release_date": "2007-06-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat accept-language xss flaw"
},
{
"cve": "CVE-2007-1863",
"discovery_date": "2007-05-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "244658"
}
],
"notes": [
{
"category": "description",
"text": "cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd mod_cache segfault",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-1863"
},
{
"category": "external",
"summary": "RHBZ#244658",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=244658"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-1863",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1863"
}
],
"release_date": "2007-05-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd mod_cache segfault"
},
{
"cve": "CVE-2007-3304",
"discovery_date": "2007-06-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "245111"
}
],
"notes": [
{
"category": "description",
"text": "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd scoreboard lack of PID protection",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-3304"
},
{
"category": "external",
"summary": "RHBZ#245111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=245111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-3304",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3304"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304"
}
],
"release_date": "2007-06-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd scoreboard lack of PID protection"
},
{
"cve": "CVE-2007-3382",
"discovery_date": "2007-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "247972"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes (\"\u0027\") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat handling of cookies",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-3382"
},
{
"category": "external",
"summary": "RHBZ#247972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=247972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-3382",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3382"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382"
}
],
"release_date": "2007-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat handling of cookies"
},
{
"cve": "CVE-2007-3385",
"discovery_date": "2007-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "247976"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \\\" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat handling of cookie values",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-3385"
},
{
"category": "external",
"summary": "RHBZ#247976",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=247976"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-3385",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3385"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385"
}
],
"release_date": "2007-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat handling of cookie values"
},
{
"cve": "CVE-2007-3847",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2007-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "250731"
}
],
"notes": [
{
"category": "description",
"text": "The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: out of bounds read",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-3847"
},
{
"category": "external",
"summary": "RHBZ#250731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=250731"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-3847",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3847"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3847",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3847"
}
],
"release_date": "2007-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: out of bounds read"
},
{
"cve": "CVE-2007-4465",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2007-09-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "289511"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_autoindex XSS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the \"AddDefaultCharset\" directive and are using directory indexes. The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-4465"
},
{
"category": "external",
"summary": "RHBZ#289511",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-4465",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4465"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465"
}
],
"release_date": "2007-09-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "mod_autoindex XSS"
},
{
"cve": "CVE-2007-5000",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2007-12-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "419931"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_imagemap XSS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-5000"
},
{
"category": "external",
"summary": "RHBZ#419931",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-5000",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5000"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000"
}
],
"release_date": "2007-12-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_imagemap XSS"
},
{
"acknowledgments": [
{
"names": [
"Tavis Ormandy",
"Will Drewry"
]
}
],
"cve": "CVE-2007-5116",
"discovery_date": "2007-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "323571"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "perl regular expression UTF parsing errors",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-5116"
},
{
"category": "external",
"summary": "RHBZ#323571",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=323571"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-5116",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5116"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5116",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5116"
}
],
"release_date": "2007-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "perl regular expression UTF parsing errors"
},
{
"cve": "CVE-2007-5333",
"discovery_date": "2008-01-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "427766"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (\") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Improve cookie parsing for tomcat5",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5333\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-5333"
},
{
"category": "external",
"summary": "RHBZ#427766",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-5333",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333"
}
],
"release_date": "2008-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Improve cookie parsing for tomcat5"
},
{
"cve": "CVE-2007-5461",
"discovery_date": "2007-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "333791"
}
],
"notes": [
{
"category": "description",
"text": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Absolute path traversal Apache Tomcat WEBDAV",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-5461"
},
{
"category": "external",
"summary": "RHBZ#333791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-5461",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461"
}
],
"release_date": "2007-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Absolute path traversal Apache Tomcat WEBDAV"
},
{
"cve": "CVE-2007-6388",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "427228"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache mod_status cross-site scripting",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-6388"
},
{
"category": "external",
"summary": "RHBZ#427228",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-6388",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6388"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388"
}
],
"release_date": "2007-12-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache mod_status cross-site scripting"
},
{
"cve": "CVE-2008-0005",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "427739"
}
],
"notes": [
{
"category": "description",
"text": "mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_proxy_ftp XSS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-0005"
},
{
"category": "external",
"summary": "RHBZ#427739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-0005",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0005"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0005",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0005"
}
],
"release_date": "2008-01-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "mod_proxy_ftp XSS"
},
{
"cve": "CVE-2008-0128",
"discovery_date": "2008-01-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "429821"
}
],
"notes": [
{
"category": "description",
"text": "The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat5 SSO cookie login information disclosure",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-0128"
},
{
"category": "external",
"summary": "RHBZ#429821",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429821"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-0128",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0128"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128"
}
],
"release_date": "2006-12-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat5 SSO cookie login information disclosure"
},
{
"cve": "CVE-2008-1232",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457597"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Cross-Site-Scripting enabled by sendError call",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1232"
},
{
"category": "external",
"summary": "RHBZ#457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1232",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Cross-Site-Scripting enabled by sendError call"
},
{
"cve": "CVE-2008-1927",
"discovery_date": "2008-04-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "443928"
}
],
"notes": [
{
"category": "description",
"text": "Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "perl: heap corruption by regular expressions with utf8 characters",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1927"
},
{
"category": "external",
"summary": "RHBZ#443928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=443928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1927",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1927"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1927",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1927"
}
],
"release_date": "2007-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "perl: heap corruption by regular expressions with utf8 characters"
},
{
"cve": "CVE-2008-2364",
"discovery_date": "2008-05-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "451615"
}
],
"notes": [
{
"category": "description",
"text": "The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_http DoS via excessive interim responses from the origin server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-2364\n\nThe Red Hat Product Security has rated this issue as having moderate security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2364"
},
{
"category": "external",
"summary": "RHBZ#451615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=451615"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2364",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2364"
}
],
"release_date": "2008-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_proxy_http DoS via excessive interim responses from the origin server"
},
{
"cve": "CVE-2008-2370",
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457934"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat RequestDispatcher information disclosure vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2370"
},
{
"category": "external",
"summary": "RHBZ#457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2370",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat RequestDispatcher information disclosure vulnerability"
},
{
"cve": "CVE-2008-2939",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-08-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "458250"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_ftp globbing XSS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2939"
},
{
"category": "external",
"summary": "RHBZ#458250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=458250"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2939",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2939"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2939",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2939"
}
],
"release_date": "2008-08-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_proxy_ftp globbing XSS"
},
{
"cve": "CVE-2008-5515",
"discovery_date": "2009-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "504753"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat request dispatcher information disclosure vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-5515"
},
{
"category": "external",
"summary": "RHBZ#504753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-5515",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515"
}
],
"release_date": "2009-06-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat request dispatcher information disclosure vulnerability"
},
{
"cve": "CVE-2009-0023",
"discovery_date": "2009-06-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "503928"
}
],
"notes": [
{
"category": "description",
"text": "The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util heap buffer underwrite",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0023"
},
{
"category": "external",
"summary": "RHBZ#503928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0023",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0023"
}
],
"release_date": "2009-06-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util heap buffer underwrite"
},
{
"cve": "CVE-2009-0033",
"discovery_date": "2009-01-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "493381"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat6 Denial-Of-Service with AJP connection",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0033"
},
{
"category": "external",
"summary": "RHBZ#493381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0033",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033"
}
],
"release_date": "2009-06-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat6 Denial-Of-Service with AJP connection"
},
{
"cve": "CVE-2009-0580",
"discovery_date": "2009-06-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "503978"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat6 Information disclosure in authentication classes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0580"
},
{
"category": "external",
"summary": "RHBZ#503978",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0580",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580"
}
],
"release_date": "2009-06-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat6 Information disclosure in authentication classes"
},
{
"cve": "CVE-2009-1891",
"discovery_date": "2009-06-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "509125"
}
],
"notes": [
{
"category": "description",
"text": "The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: possible temporary DoS (CPU consumption) in mod_deflate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1891"
},
{
"category": "external",
"summary": "RHBZ#509125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1891",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1891"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1891",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1891"
}
],
"release_date": "2009-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: possible temporary DoS (CPU consumption) in mod_deflate"
},
{
"cve": "CVE-2009-1955",
"discovery_date": "2009-06-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "504555"
}
],
"notes": [
{
"category": "description",
"text": "The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util billion laughs attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1955"
},
{
"category": "external",
"summary": "RHBZ#504555",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504555"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1955",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1955"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1955",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1955"
}
],
"release_date": "2009-06-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util billion laughs attack"
},
{
"cve": "CVE-2009-1956",
"discovery_date": "2009-06-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "504390"
}
],
"notes": [
{
"category": "description",
"text": "Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util single NULL byte buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1956"
},
{
"category": "external",
"summary": "RHBZ#504390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1956",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1956"
}
],
"release_date": "2009-04-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util single NULL byte buffer overflow"
},
{
"cve": "CVE-2009-2412",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2009-07-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "515698"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-2412"
},
{
"category": "external",
"summary": "RHBZ#515698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-2412",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2412"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412"
}
],
"release_date": "2009-08-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management"
},
{
"cve": "CVE-2009-3094",
"discovery_date": "2009-09-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "521619"
}
],
"notes": [
{
"category": "description",
"text": "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3094"
},
{
"category": "external",
"summary": "RHBZ#521619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=521619"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3094",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3094"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3094",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3094"
}
],
"release_date": "2009-09-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply"
},
{
"cve": "CVE-2009-3095",
"discovery_date": "2009-09-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "522209"
}
],
"notes": [
{
"category": "description",
"text": "The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3095"
},
{
"category": "external",
"summary": "RHBZ#522209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=522209"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3095",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3095"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3095",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3095"
}
],
"release_date": "2009-09-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header"
},
{
"cve": "CVE-2009-4901",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2010-05-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "596426"
}
],
"notes": [
{
"category": "description",
"text": "The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4901"
},
{
"category": "external",
"summary": "RHBZ#596426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4901",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4901"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4901",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4901"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages"
},
{
"cve": "CVE-2010-0407",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2010-05-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "596426"
}
],
"notes": [
{
"category": "description",
"text": "Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0407"
},
{
"category": "external",
"summary": "RHBZ#596426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0407",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0407"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0407",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0407"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages"
},
{
"cve": "CVE-2010-0434",
"discovery_date": "2010-03-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "570171"
}
],
"notes": [
{
"category": "description",
"text": "The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: request header information leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0434"
},
{
"category": "external",
"summary": "RHBZ#570171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=570171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0434",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0434"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0434",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0434"
}
],
"release_date": "2009-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: request header information leak"
}
]
}
rhsa-2009:1204
Vulnerability from csaf_redhat
Published
2009-08-10 17:16
Modified
2024-11-22 03:25
Summary
Red Hat Security Advisory: apr and apr-util security update
Notes
Topic
Updated apr and apr-util packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
The Apache Portable Runtime (APR) is a portability library used by the
Apache HTTP Server and other projects. It aims to provide a free library
of C data structures and routines. apr-util is a utility library used with
APR. This library provides additional utility interfaces for APR; including
support for XML parsing, LDAP, database interfaces, URI parsing, and more.
Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in the way the Apache Portable Runtime (APR) manages memory pool
and relocatable memory allocations. An attacker could use these flaws to
issue a specially-crafted request for memory allocation, which would lead
to a denial of service (application crash) or, potentially, execute
arbitrary code with the privileges of an application using the APR
libraries. (CVE-2009-2412)
All apr and apr-util users should upgrade to these updated packages, which
contain backported patches to correct these issues. Applications using the
APR libraries, such as httpd, must be restarted for this update to take
effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated apr and apr-util packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "The Apache Portable Runtime (APR) is a portability library used by the\nApache HTTP Server and other projects. It aims to provide a free library\nof C data structures and routines. apr-util is a utility library used with\nAPR. This library provides additional utility interfaces for APR; including\nsupport for XML parsing, LDAP, database interfaces, URI parsing, and more.\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows,\nwere found in the way the Apache Portable Runtime (APR) manages memory pool\nand relocatable memory allocations. An attacker could use these flaws to\nissue a specially-crafted request for memory allocation, which would lead\nto a denial of service (application crash) or, potentially, execute\narbitrary code with the privileges of an application using the APR\nlibraries. (CVE-2009-2412)\n\nAll apr and apr-util users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. Applications using the\nAPR libraries, such as httpd, must be restarted for this update to take\neffect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2009:1204",
"url": "https://access.redhat.com/errata/RHSA-2009:1204"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "515698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1204.json"
}
],
"title": "Red Hat Security Advisory: apr and apr-util security update",
"tracking": {
"current_release_date": "2024-11-22T03:25:44+00:00",
"generator": {
"date": "2024-11-22T03:25:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2009:1204",
"initial_release_date": "2009-08-10T17:16:00+00:00",
"revision_history": [
{
"date": "2009-08-10T17:16:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2009-08-10T13:22:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T03:25:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client_workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"product": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"product_id": "apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@1.2.7-11.el5_3.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"product": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"product_id": "apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@1.2.7-11.el5_3.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-0:1.2.7-11.el5_3.1.x86_64",
"product": {
"name": "apr-0:1.2.7-11.el5_3.1.x86_64",
"product_id": "apr-0:1.2.7-11.el5_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@1.2.7-11.el5_3.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"product": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"product_id": "apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-docs@1.2.7-11.el5_3.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"product": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"product_id": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@1.2.7-7.el5_3.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"product": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"product_id": "apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@1.2.7-7.el5_3.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:1.2.7-7.el5_3.2.x86_64",
"product": {
"name": "apr-util-0:1.2.7-7.el5_3.2.x86_64",
"product_id": "apr-util-0:1.2.7-7.el5_3.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@1.2.7-7.el5_3.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"product": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"product_id": "apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-docs@1.2.7-7.el5_3.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-0:0.9.4-24.9.el4_8.2.x86_64",
"product": {
"name": "apr-0:0.9.4-24.9.el4_8.2.x86_64",
"product_id": "apr-0:0.9.4-24.9.el4_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@0.9.4-24.9.el4_8.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"product": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"product_id": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@0.9.4-24.9.el4_8.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"product": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"product_id": "apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@0.9.4-24.9.el4_8.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"product": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"product_id": "apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@0.9.4-22.el4_8.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:0.9.4-22.el4_8.2.x86_64",
"product": {
"name": "apr-util-0:0.9.4-22.el4_8.2.x86_64",
"product_id": "apr-util-0:0.9.4-22.el4_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@0.9.4-22.el4_8.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"product": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"product_id": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@0.9.4-22.el4_8.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "apr-devel-0:1.2.7-11.el5_3.1.i386",
"product": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.i386",
"product_id": "apr-devel-0:1.2.7-11.el5_3.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@1.2.7-11.el5_3.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"product": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"product_id": "apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@1.2.7-11.el5_3.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-0:1.2.7-11.el5_3.1.i386",
"product": {
"name": "apr-0:1.2.7-11.el5_3.1.i386",
"product_id": "apr-0:1.2.7-11.el5_3.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@1.2.7-11.el5_3.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-docs-0:1.2.7-11.el5_3.1.i386",
"product": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.i386",
"product_id": "apr-docs-0:1.2.7-11.el5_3.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-docs@1.2.7-11.el5_3.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"product": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"product_id": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@1.2.7-7.el5_3.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"product": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"product_id": "apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@1.2.7-7.el5_3.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:1.2.7-7.el5_3.2.i386",
"product": {
"name": "apr-util-0:1.2.7-7.el5_3.2.i386",
"product_id": "apr-util-0:1.2.7-7.el5_3.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@1.2.7-7.el5_3.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"product": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"product_id": "apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-docs@1.2.7-7.el5_3.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-0:0.9.4-24.9.el4_8.2.i386",
"product": {
"name": "apr-0:0.9.4-24.9.el4_8.2.i386",
"product_id": "apr-0:0.9.4-24.9.el4_8.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@0.9.4-24.9.el4_8.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"product": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"product_id": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@0.9.4-24.9.el4_8.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"product": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"product_id": "apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@0.9.4-24.9.el4_8.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"product": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"product_id": "apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@0.9.4-22.el4_8.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:0.9.4-22.el4_8.2.i386",
"product": {
"name": "apr-util-0:0.9.4-22.el4_8.2.i386",
"product_id": "apr-util-0:0.9.4-22.el4_8.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@0.9.4-22.el4_8.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"product": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"product_id": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@0.9.4-22.el4_8.2?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "apr-0:1.2.7-11.el5_3.1.src",
"product": {
"name": "apr-0:1.2.7-11.el5_3.1.src",
"product_id": "apr-0:1.2.7-11.el5_3.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@1.2.7-11.el5_3.1?arch=src"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:1.2.7-7.el5_3.2.src",
"product": {
"name": "apr-util-0:1.2.7-7.el5_3.2.src",
"product_id": "apr-util-0:1.2.7-7.el5_3.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@1.2.7-7.el5_3.2?arch=src"
}
}
},
{
"category": "product_version",
"name": "apr-0:0.9.4-24.9.el4_8.2.src",
"product": {
"name": "apr-0:0.9.4-24.9.el4_8.2.src",
"product_id": "apr-0:0.9.4-24.9.el4_8.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@0.9.4-24.9.el4_8.2?arch=src"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:0.9.4-22.el4_8.2.src",
"product": {
"name": "apr-util-0:0.9.4-22.el4_8.2.src",
"product_id": "apr-util-0:0.9.4-22.el4_8.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@0.9.4-22.el4_8.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "apr-devel-0:1.2.7-11.el5_3.1.ia64",
"product": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ia64",
"product_id": "apr-devel-0:1.2.7-11.el5_3.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@1.2.7-11.el5_3.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-0:1.2.7-11.el5_3.1.ia64",
"product": {
"name": "apr-0:1.2.7-11.el5_3.1.ia64",
"product_id": "apr-0:1.2.7-11.el5_3.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@1.2.7-11.el5_3.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-docs-0:1.2.7-11.el5_3.1.ia64",
"product": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.ia64",
"product_id": "apr-docs-0:1.2.7-11.el5_3.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-docs@1.2.7-11.el5_3.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"product": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"product_id": "apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@1.2.7-11.el5_3.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"product": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"product_id": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@1.2.7-7.el5_3.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:1.2.7-7.el5_3.2.ia64",
"product": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ia64",
"product_id": "apr-util-0:1.2.7-7.el5_3.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@1.2.7-7.el5_3.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"product": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"product_id": "apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@1.2.7-7.el5_3.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"product": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"product_id": "apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-docs@1.2.7-7.el5_3.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-0:0.9.4-24.9.el4_8.2.ia64",
"product": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ia64",
"product_id": "apr-0:0.9.4-24.9.el4_8.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@0.9.4-24.9.el4_8.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"product": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"product_id": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@0.9.4-24.9.el4_8.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"product": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"product_id": "apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@0.9.4-24.9.el4_8.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"product": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"product_id": "apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@0.9.4-22.el4_8.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:0.9.4-22.el4_8.2.ia64",
"product": {
"name": "apr-util-0:0.9.4-22.el4_8.2.ia64",
"product_id": "apr-util-0:0.9.4-22.el4_8.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@0.9.4-22.el4_8.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"product": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"product_id": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@0.9.4-22.el4_8.2?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"product": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"product_id": "apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@1.2.7-11.el5_3.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "apr-0:1.2.7-11.el5_3.1.ppc64",
"product": {
"name": "apr-0:1.2.7-11.el5_3.1.ppc64",
"product_id": "apr-0:1.2.7-11.el5_3.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@1.2.7-11.el5_3.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"product": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"product_id": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@1.2.7-11.el5_3.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"product": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"product_id": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@1.2.7-7.el5_3.2?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:1.2.7-7.el5_3.2.ppc64",
"product": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ppc64",
"product_id": "apr-util-0:1.2.7-7.el5_3.2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@1.2.7-7.el5_3.2?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"product": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"product_id": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@1.2.7-7.el5_3.2?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc64",
"product": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc64",
"product_id": "apr-0:0.9.4-24.9.el4_8.2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@0.9.4-24.9.el4_8.2?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"product": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"product_id": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@0.9.4-24.9.el4_8.2?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "apr-devel-0:1.2.7-11.el5_3.1.ppc",
"product": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ppc",
"product_id": "apr-devel-0:1.2.7-11.el5_3.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@1.2.7-11.el5_3.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-0:1.2.7-11.el5_3.1.ppc",
"product": {
"name": "apr-0:1.2.7-11.el5_3.1.ppc",
"product_id": "apr-0:1.2.7-11.el5_3.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@1.2.7-11.el5_3.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-docs-0:1.2.7-11.el5_3.1.ppc",
"product": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.ppc",
"product_id": "apr-docs-0:1.2.7-11.el5_3.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-docs@1.2.7-11.el5_3.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"product": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"product_id": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@1.2.7-11.el5_3.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"product": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"product_id": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@1.2.7-7.el5_3.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:1.2.7-7.el5_3.2.ppc",
"product": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ppc",
"product_id": "apr-util-0:1.2.7-7.el5_3.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@1.2.7-7.el5_3.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"product": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"product_id": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@1.2.7-7.el5_3.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"product": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"product_id": "apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-docs@1.2.7-7.el5_3.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc",
"product": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc",
"product_id": "apr-0:0.9.4-24.9.el4_8.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@0.9.4-24.9.el4_8.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"product": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"product_id": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@0.9.4-24.9.el4_8.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"product": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"product_id": "apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@0.9.4-24.9.el4_8.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"product": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"product_id": "apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@0.9.4-22.el4_8.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:0.9.4-22.el4_8.2.ppc",
"product": {
"name": "apr-util-0:0.9.4-22.el4_8.2.ppc",
"product_id": "apr-util-0:0.9.4-22.el4_8.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@0.9.4-22.el4_8.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"product": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"product_id": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@0.9.4-22.el4_8.2?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "apr-devel-0:1.2.7-11.el5_3.1.s390x",
"product": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.s390x",
"product_id": "apr-devel-0:1.2.7-11.el5_3.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@1.2.7-11.el5_3.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-0:1.2.7-11.el5_3.1.s390x",
"product": {
"name": "apr-0:1.2.7-11.el5_3.1.s390x",
"product_id": "apr-0:1.2.7-11.el5_3.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@1.2.7-11.el5_3.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-docs-0:1.2.7-11.el5_3.1.s390x",
"product": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.s390x",
"product_id": "apr-docs-0:1.2.7-11.el5_3.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-docs@1.2.7-11.el5_3.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"product": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"product_id": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@1.2.7-11.el5_3.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"product": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"product_id": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@1.2.7-7.el5_3.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:1.2.7-7.el5_3.2.s390x",
"product": {
"name": "apr-util-0:1.2.7-7.el5_3.2.s390x",
"product_id": "apr-util-0:1.2.7-7.el5_3.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@1.2.7-7.el5_3.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"product": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"product_id": "apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@1.2.7-7.el5_3.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"product": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"product_id": "apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-docs@1.2.7-7.el5_3.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-0:0.9.4-24.9.el4_8.2.s390x",
"product": {
"name": "apr-0:0.9.4-24.9.el4_8.2.s390x",
"product_id": "apr-0:0.9.4-24.9.el4_8.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@0.9.4-24.9.el4_8.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"product": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"product_id": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@0.9.4-24.9.el4_8.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"product": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"product_id": "apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@0.9.4-24.9.el4_8.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"product": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"product_id": "apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@0.9.4-22.el4_8.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:0.9.4-22.el4_8.2.s390x",
"product": {
"name": "apr-util-0:0.9.4-22.el4_8.2.s390x",
"product_id": "apr-util-0:0.9.4-22.el4_8.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@0.9.4-22.el4_8.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"product": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"product_id": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@0.9.4-22.el4_8.2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apr-devel-0:1.2.7-11.el5_3.1.s390",
"product": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.s390",
"product_id": "apr-devel-0:1.2.7-11.el5_3.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@1.2.7-11.el5_3.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "apr-0:1.2.7-11.el5_3.1.s390",
"product": {
"name": "apr-0:1.2.7-11.el5_3.1.s390",
"product_id": "apr-0:1.2.7-11.el5_3.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@1.2.7-11.el5_3.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"product": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"product_id": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@1.2.7-11.el5_3.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"product": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"product_id": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@1.2.7-7.el5_3.2?arch=s390"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:1.2.7-7.el5_3.2.s390",
"product": {
"name": "apr-util-0:1.2.7-7.el5_3.2.s390",
"product_id": "apr-util-0:1.2.7-7.el5_3.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@1.2.7-7.el5_3.2?arch=s390"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"product": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"product_id": "apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@1.2.7-7.el5_3.2?arch=s390"
}
}
},
{
"category": "product_version",
"name": "apr-0:0.9.4-24.9.el4_8.2.s390",
"product": {
"name": "apr-0:0.9.4-24.9.el4_8.2.s390",
"product_id": "apr-0:0.9.4-24.9.el4_8.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@0.9.4-24.9.el4_8.2?arch=s390"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"product": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"product_id": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@0.9.4-24.9.el4_8.2?arch=s390"
}
}
},
{
"category": "product_version",
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"product": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"product_id": "apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@0.9.4-24.9.el4_8.2?arch=s390"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"product": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"product_id": "apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@0.9.4-22.el4_8.2?arch=s390"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:0.9.4-22.el4_8.2.s390",
"product": {
"name": "apr-util-0:0.9.4-22.el4_8.2.s390",
"product_id": "apr-util-0:0.9.4-22.el4_8.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@0.9.4-22.el4_8.2?arch=s390"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"product": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"product_id": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@0.9.4-22.el4_8.2?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-0:0.9.4-24.9.el4_8.2.ppc64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ppc64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-0:0.9.4-24.9.el4_8.2.src"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-devel-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-devel-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-devel-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-devel-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-devel-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-0:0.9.4-22.el4_8.2.src"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-devel-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-devel-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-devel-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-devel-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-devel-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-0:0.9.4-24.9.el4_8.2.ppc64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ppc64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-0:0.9.4-24.9.el4_8.2.src"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-0:0.9.4-22.el4_8.2.src"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-0:0.9.4-24.9.el4_8.2.ppc64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ppc64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-0:0.9.4-24.9.el4_8.2.src"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-devel-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-devel-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-devel-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-devel-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-devel-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-0:0.9.4-22.el4_8.2.src"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-devel-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-devel-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-devel-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-devel-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-devel-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-0:0.9.4-24.9.el4_8.2.ppc64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ppc64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-0:0.9.4-24.9.el4_8.2.src"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-devel-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-devel-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-devel-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-devel-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-devel-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-0:0.9.4-22.el4_8.2.src"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-devel-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-devel-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-devel-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-devel-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-devel-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ppc64"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.ppc64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-0:1.2.7-11.el5_3.1.s390"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.s390",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-0:1.2.7-11.el5_3.1.src"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.src",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.s390"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ppc64"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.s390"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.s390",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ppc64"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.ppc64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.s390"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.s390",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.src"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.src",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.s390"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-0:1.2.7-11.el5_3.1.ppc64"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.ppc64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-0:1.2.7-11.el5_3.1.s390"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.s390",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-0:1.2.7-11.el5_3.1.src"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.src",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.s390"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-devel-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-devel-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-devel-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-devel-0:1.2.7-11.el5_3.1.ppc64"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-devel-0:1.2.7-11.el5_3.1.s390"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.s390",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-devel-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-devel-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-docs-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-docs-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-docs-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-docs-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-docs-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-0:1.2.7-7.el5_3.2.ppc64"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.ppc64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-0:1.2.7-7.el5_3.2.s390"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.s390",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-0:1.2.7-7.el5_3.2.src"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.src",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-devel-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-devel-0:1.2.7-7.el5_3.2.s390"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-devel-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-docs-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-docs-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-docs-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-docs-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-0:1.2.7-11.el5_3.1.ppc64"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.ppc64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.s390 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-0:1.2.7-11.el5_3.1.s390"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.s390",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-0:1.2.7-11.el5_3.1.src"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.s390"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-devel-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-devel-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-devel-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-devel-0:1.2.7-11.el5_3.1.ppc64"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.s390 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-devel-0:1.2.7-11.el5_3.1.s390"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.s390",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-devel-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-devel-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-docs-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-docs-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-docs-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-docs-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-docs-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-0:1.2.7-7.el5_3.2.ppc64"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.ppc64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.s390 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-0:1.2.7-7.el5_3.2.s390"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.s390",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-0:1.2.7-7.el5_3.2.src"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-devel-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.s390 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-devel-0:1.2.7-7.el5_3.2.s390"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-devel-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-docs-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-docs-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-docs-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-docs-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Server"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-2412",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2009-07-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "515698"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:apr-0:0.9.4-24.9.el4_8.2.i386",
"4AS:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4AS:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4AS:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4AS:apr-0:0.9.4-24.9.el4_8.2.s390",
"4AS:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4AS:apr-0:0.9.4-24.9.el4_8.2.src",
"4AS:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4AS:apr-util-0:0.9.4-22.el4_8.2.i386",
"4AS:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4AS:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4AS:apr-util-0:0.9.4-22.el4_8.2.s390",
"4AS:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4AS:apr-util-0:0.9.4-22.el4_8.2.src",
"4AS:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.i386",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.s390",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.src",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.i386",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.s390",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.src",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"4ES:apr-0:0.9.4-24.9.el4_8.2.i386",
"4ES:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4ES:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4ES:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4ES:apr-0:0.9.4-24.9.el4_8.2.s390",
"4ES:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4ES:apr-0:0.9.4-24.9.el4_8.2.src",
"4ES:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4ES:apr-util-0:0.9.4-22.el4_8.2.i386",
"4ES:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4ES:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4ES:apr-util-0:0.9.4-22.el4_8.2.s390",
"4ES:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4ES:apr-util-0:0.9.4-22.el4_8.2.src",
"4ES:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"4WS:apr-0:0.9.4-24.9.el4_8.2.i386",
"4WS:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4WS:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4WS:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4WS:apr-0:0.9.4-24.9.el4_8.2.s390",
"4WS:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4WS:apr-0:0.9.4-24.9.el4_8.2.src",
"4WS:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4WS:apr-util-0:0.9.4-22.el4_8.2.i386",
"4WS:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4WS:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4WS:apr-util-0:0.9.4-22.el4_8.2.s390",
"4WS:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4WS:apr-util-0:0.9.4-22.el4_8.2.src",
"4WS:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ppc64",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.s390",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.src",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.s390",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ppc64",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.s390",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.src",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.x86_64",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-0:1.2.7-11.el5_3.1.ppc64",
"5Client:apr-0:1.2.7-11.el5_3.1.s390",
"5Client:apr-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-0:1.2.7-11.el5_3.1.src",
"5Client:apr-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.s390",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-util-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-0:1.2.7-7.el5_3.2.ppc64",
"5Client:apr-util-0:1.2.7-7.el5_3.2.s390",
"5Client:apr-util-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-0:1.2.7-7.el5_3.2.src",
"5Client:apr-util-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-0:1.2.7-11.el5_3.1.ppc64",
"5Server:apr-0:1.2.7-11.el5_3.1.s390",
"5Server:apr-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-0:1.2.7-11.el5_3.1.src",
"5Server:apr-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.s390",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-util-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-0:1.2.7-7.el5_3.2.ppc64",
"5Server:apr-util-0:1.2.7-7.el5_3.2.s390",
"5Server:apr-util-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-0:1.2.7-7.el5_3.2.src",
"5Server:apr-util-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-2412"
},
{
"category": "external",
"summary": "RHBZ#515698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-2412",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2412"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412"
}
],
"release_date": "2009-08-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-08-10T17:16:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:apr-0:0.9.4-24.9.el4_8.2.i386",
"4AS:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4AS:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4AS:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4AS:apr-0:0.9.4-24.9.el4_8.2.s390",
"4AS:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4AS:apr-0:0.9.4-24.9.el4_8.2.src",
"4AS:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4AS:apr-util-0:0.9.4-22.el4_8.2.i386",
"4AS:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4AS:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4AS:apr-util-0:0.9.4-22.el4_8.2.s390",
"4AS:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4AS:apr-util-0:0.9.4-22.el4_8.2.src",
"4AS:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.i386",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.s390",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.src",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.i386",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.s390",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.src",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"4ES:apr-0:0.9.4-24.9.el4_8.2.i386",
"4ES:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4ES:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4ES:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4ES:apr-0:0.9.4-24.9.el4_8.2.s390",
"4ES:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4ES:apr-0:0.9.4-24.9.el4_8.2.src",
"4ES:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4ES:apr-util-0:0.9.4-22.el4_8.2.i386",
"4ES:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4ES:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4ES:apr-util-0:0.9.4-22.el4_8.2.s390",
"4ES:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4ES:apr-util-0:0.9.4-22.el4_8.2.src",
"4ES:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"4WS:apr-0:0.9.4-24.9.el4_8.2.i386",
"4WS:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4WS:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4WS:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4WS:apr-0:0.9.4-24.9.el4_8.2.s390",
"4WS:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4WS:apr-0:0.9.4-24.9.el4_8.2.src",
"4WS:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4WS:apr-util-0:0.9.4-22.el4_8.2.i386",
"4WS:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4WS:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4WS:apr-util-0:0.9.4-22.el4_8.2.s390",
"4WS:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4WS:apr-util-0:0.9.4-22.el4_8.2.src",
"4WS:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ppc64",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.s390",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.src",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.s390",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ppc64",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.s390",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.src",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.x86_64",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-0:1.2.7-11.el5_3.1.ppc64",
"5Client:apr-0:1.2.7-11.el5_3.1.s390",
"5Client:apr-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-0:1.2.7-11.el5_3.1.src",
"5Client:apr-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.s390",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-util-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-0:1.2.7-7.el5_3.2.ppc64",
"5Client:apr-util-0:1.2.7-7.el5_3.2.s390",
"5Client:apr-util-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-0:1.2.7-7.el5_3.2.src",
"5Client:apr-util-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-0:1.2.7-11.el5_3.1.ppc64",
"5Server:apr-0:1.2.7-11.el5_3.1.s390",
"5Server:apr-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-0:1.2.7-11.el5_3.1.src",
"5Server:apr-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.s390",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-util-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-0:1.2.7-7.el5_3.2.ppc64",
"5Server:apr-util-0:1.2.7-7.el5_3.2.s390",
"5Server:apr-util-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-0:1.2.7-7.el5_3.2.src",
"5Server:apr-util-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:1204"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:apr-0:0.9.4-24.9.el4_8.2.i386",
"4AS:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4AS:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4AS:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4AS:apr-0:0.9.4-24.9.el4_8.2.s390",
"4AS:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4AS:apr-0:0.9.4-24.9.el4_8.2.src",
"4AS:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4AS:apr-util-0:0.9.4-22.el4_8.2.i386",
"4AS:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4AS:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4AS:apr-util-0:0.9.4-22.el4_8.2.s390",
"4AS:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4AS:apr-util-0:0.9.4-22.el4_8.2.src",
"4AS:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.i386",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.s390",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.src",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.i386",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.s390",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.src",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"4ES:apr-0:0.9.4-24.9.el4_8.2.i386",
"4ES:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4ES:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4ES:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4ES:apr-0:0.9.4-24.9.el4_8.2.s390",
"4ES:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4ES:apr-0:0.9.4-24.9.el4_8.2.src",
"4ES:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4ES:apr-util-0:0.9.4-22.el4_8.2.i386",
"4ES:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4ES:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4ES:apr-util-0:0.9.4-22.el4_8.2.s390",
"4ES:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4ES:apr-util-0:0.9.4-22.el4_8.2.src",
"4ES:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"4WS:apr-0:0.9.4-24.9.el4_8.2.i386",
"4WS:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4WS:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4WS:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4WS:apr-0:0.9.4-24.9.el4_8.2.s390",
"4WS:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4WS:apr-0:0.9.4-24.9.el4_8.2.src",
"4WS:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4WS:apr-util-0:0.9.4-22.el4_8.2.i386",
"4WS:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4WS:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4WS:apr-util-0:0.9.4-22.el4_8.2.s390",
"4WS:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4WS:apr-util-0:0.9.4-22.el4_8.2.src",
"4WS:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ppc64",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.s390",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.src",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.s390",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ppc64",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.s390",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.src",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.x86_64",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-0:1.2.7-11.el5_3.1.ppc64",
"5Client:apr-0:1.2.7-11.el5_3.1.s390",
"5Client:apr-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-0:1.2.7-11.el5_3.1.src",
"5Client:apr-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.s390",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-util-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-0:1.2.7-7.el5_3.2.ppc64",
"5Client:apr-util-0:1.2.7-7.el5_3.2.s390",
"5Client:apr-util-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-0:1.2.7-7.el5_3.2.src",
"5Client:apr-util-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-0:1.2.7-11.el5_3.1.ppc64",
"5Server:apr-0:1.2.7-11.el5_3.1.s390",
"5Server:apr-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-0:1.2.7-11.el5_3.1.src",
"5Server:apr-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.s390",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-util-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-0:1.2.7-7.el5_3.2.ppc64",
"5Server:apr-util-0:1.2.7-7.el5_3.2.s390",
"5Server:apr-util-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-0:1.2.7-7.el5_3.2.src",
"5Server:apr-util-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management"
}
]
}
rhsa-2009_1205
Vulnerability from csaf_redhat
Published
2009-08-10 17:34
Modified
2024-11-22 03:25
Summary
Red Hat Security Advisory: httpd security and bug fix update
Notes
Topic
Updated httpd packages that fix multiple security issues and a bug are now
available for Red Hat Enterprise Linux 3.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
The Apache HTTP Server is a popular Web server. The httpd package shipped
with Red Hat Enterprise Linux 3 contains embedded copies of the Apache
Portable Runtime (APR) libraries, which provide a free library of C data
structures and routines, and also additional utility interfaces to support
XML parsing, LDAP, database interfaces, URI parsing, and more.
Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in the way the Apache Portable Runtime (APR) manages memory pool
and relocatable memory allocations. An attacker could use these flaws to
issue a specially-crafted request for memory allocation, which would lead
to a denial of service (application crash) or, potentially, execute
arbitrary code with the privileges of an application using the APR
libraries. (CVE-2009-2412)
A denial of service flaw was found in the Apache mod_deflate module. This
module continued to compress large files until compression was complete,
even if the network connection that requested the content was closed
before compression completed. This would cause mod_deflate to consume
large amounts of CPU if mod_deflate was enabled for a large file.
(CVE-2009-1891)
This update also fixes the following bug:
* in some cases the Content-Length header was dropped from HEAD responses.
This resulted in certain sites not working correctly with mod_proxy, such
as www.windowsupdate.com. (BZ#506016)
All httpd users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated httpd packages that fix multiple security issues and a bug are now\navailable for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "The Apache HTTP Server is a popular Web server. The httpd package shipped\nwith Red Hat Enterprise Linux 3 contains embedded copies of the Apache\nPortable Runtime (APR) libraries, which provide a free library of C data\nstructures and routines, and also additional utility interfaces to support\nXML parsing, LDAP, database interfaces, URI parsing, and more.\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows,\nwere found in the way the Apache Portable Runtime (APR) manages memory pool\nand relocatable memory allocations. An attacker could use these flaws to\nissue a specially-crafted request for memory allocation, which would lead\nto a denial of service (application crash) or, potentially, execute\narbitrary code with the privileges of an application using the APR\nlibraries. (CVE-2009-2412)\n\nA denial of service flaw was found in the Apache mod_deflate module. This\nmodule continued to compress large files until compression was complete,\neven if the network connection that requested the content was closed\nbefore compression completed. This would cause mod_deflate to consume\nlarge amounts of CPU if mod_deflate was enabled for a large file.\n(CVE-2009-1891)\n\nThis update also fixes the following bug:\n\n* in some cases the Content-Length header was dropped from HEAD responses.\nThis resulted in certain sites not working correctly with mod_proxy, such\nas www.windowsupdate.com. (BZ#506016)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2009:1205",
"url": "https://access.redhat.com/errata/RHSA-2009:1205"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "506016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=506016"
},
{
"category": "external",
"summary": "509125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125"
},
{
"category": "external",
"summary": "515698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1205.json"
}
],
"title": "Red Hat Security Advisory: httpd security and bug fix update",
"tracking": {
"current_release_date": "2024-11-22T03:25:49+00:00",
"generator": {
"date": "2024-11-22T03:25:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2009:1205",
"initial_release_date": "2009-08-10T17:34:00+00:00",
"revision_history": [
{
"date": "2009-08-10T17:34:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2009-08-10T13:40:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T03:25:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 3",
"product": {
"name": "Red Hat Enterprise Linux AS version 3",
"product_id": "3AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 3",
"product": {
"name": "Red Hat Desktop version 3",
"product_id": "3Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 3",
"product": {
"name": "Red Hat Enterprise Linux ES version 3",
"product_id": "3ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 3",
"product": {
"name": "Red Hat Enterprise Linux WS version 3",
"product_id": "3WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_ssl-1:2.0.46-75.ent.ia64",
"product": {
"name": "mod_ssl-1:2.0.46-75.ent.ia64",
"product_id": "mod_ssl-1:2.0.46-75.ent.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.0.46-75.ent?arch=ia64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.0.46-75.ent.ia64",
"product": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.ia64",
"product_id": "httpd-debuginfo-0:2.0.46-75.ent.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.46-75.ent?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.0.46-75.ent.ia64",
"product": {
"name": "httpd-0:2.0.46-75.ent.ia64",
"product_id": "httpd-0:2.0.46-75.ent.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.0.46-75.ent?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.0.46-75.ent.ia64",
"product": {
"name": "httpd-devel-0:2.0.46-75.ent.ia64",
"product_id": "httpd-devel-0:2.0.46-75.ent.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.0.46-75.ent?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_ssl-1:2.0.46-75.ent.x86_64",
"product": {
"name": "mod_ssl-1:2.0.46-75.ent.x86_64",
"product_id": "mod_ssl-1:2.0.46-75.ent.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.0.46-75.ent?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"product": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"product_id": "httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.46-75.ent?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.0.46-75.ent.x86_64",
"product": {
"name": "httpd-0:2.0.46-75.ent.x86_64",
"product_id": "httpd-0:2.0.46-75.ent.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.0.46-75.ent?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.0.46-75.ent.x86_64",
"product": {
"name": "httpd-devel-0:2.0.46-75.ent.x86_64",
"product_id": "httpd-devel-0:2.0.46-75.ent.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.0.46-75.ent?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_ssl-1:2.0.46-75.ent.i386",
"product": {
"name": "mod_ssl-1:2.0.46-75.ent.i386",
"product_id": "mod_ssl-1:2.0.46-75.ent.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.0.46-75.ent?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.0.46-75.ent.i386",
"product": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.i386",
"product_id": "httpd-debuginfo-0:2.0.46-75.ent.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.46-75.ent?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.0.46-75.ent.i386",
"product": {
"name": "httpd-0:2.0.46-75.ent.i386",
"product_id": "httpd-0:2.0.46-75.ent.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.0.46-75.ent?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.0.46-75.ent.i386",
"product": {
"name": "httpd-devel-0:2.0.46-75.ent.i386",
"product_id": "httpd-devel-0:2.0.46-75.ent.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.0.46-75.ent?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.0.46-75.ent.src",
"product": {
"name": "httpd-0:2.0.46-75.ent.src",
"product_id": "httpd-0:2.0.46-75.ent.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.0.46-75.ent?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_ssl-1:2.0.46-75.ent.ppc",
"product": {
"name": "mod_ssl-1:2.0.46-75.ent.ppc",
"product_id": "mod_ssl-1:2.0.46-75.ent.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.0.46-75.ent?arch=ppc\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.0.46-75.ent.ppc",
"product": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.ppc",
"product_id": "httpd-debuginfo-0:2.0.46-75.ent.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.46-75.ent?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.0.46-75.ent.ppc",
"product": {
"name": "httpd-0:2.0.46-75.ent.ppc",
"product_id": "httpd-0:2.0.46-75.ent.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.0.46-75.ent?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.0.46-75.ent.ppc",
"product": {
"name": "httpd-devel-0:2.0.46-75.ent.ppc",
"product_id": "httpd-devel-0:2.0.46-75.ent.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.0.46-75.ent?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_ssl-1:2.0.46-75.ent.s390x",
"product": {
"name": "mod_ssl-1:2.0.46-75.ent.s390x",
"product_id": "mod_ssl-1:2.0.46-75.ent.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.0.46-75.ent?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390x",
"product": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390x",
"product_id": "httpd-debuginfo-0:2.0.46-75.ent.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.46-75.ent?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.0.46-75.ent.s390x",
"product": {
"name": "httpd-0:2.0.46-75.ent.s390x",
"product_id": "httpd-0:2.0.46-75.ent.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.0.46-75.ent?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.0.46-75.ent.s390x",
"product": {
"name": "httpd-devel-0:2.0.46-75.ent.s390x",
"product_id": "httpd-devel-0:2.0.46-75.ent.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.0.46-75.ent?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_ssl-1:2.0.46-75.ent.s390",
"product": {
"name": "mod_ssl-1:2.0.46-75.ent.s390",
"product_id": "mod_ssl-1:2.0.46-75.ent.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.0.46-75.ent?arch=s390\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390",
"product": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390",
"product_id": "httpd-debuginfo-0:2.0.46-75.ent.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.46-75.ent?arch=s390"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.0.46-75.ent.s390",
"product": {
"name": "httpd-0:2.0.46-75.ent.s390",
"product_id": "httpd-0:2.0.46-75.ent.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.0.46-75.ent?arch=s390"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.0.46-75.ent.s390",
"product": {
"name": "httpd-devel-0:2.0.46-75.ent.s390",
"product_id": "httpd-devel-0:2.0.46-75.ent.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.0.46-75.ent?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.src as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-0:2.0.46-75.ent.src"
},
"product_reference": "httpd-0:2.0.46-75.ent.src",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-debuginfo-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-debuginfo-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-debuginfo-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-debuginfo-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-debuginfo-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-debuginfo-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-devel-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-devel-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-devel-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-devel-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-devel-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-devel-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:mod_ssl-1:2.0.46-75.ent.i386"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:mod_ssl-1:2.0.46-75.ent.ia64"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:mod_ssl-1:2.0.46-75.ent.ppc"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:mod_ssl-1:2.0.46-75.ent.s390"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:mod_ssl-1:2.0.46-75.ent.s390x"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:mod_ssl-1:2.0.46-75.ent.x86_64"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.src as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-0:2.0.46-75.ent.src"
},
"product_reference": "httpd-0:2.0.46-75.ent.src",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-debuginfo-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-debuginfo-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-devel-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-devel-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-devel-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-devel-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-devel-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-devel-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:mod_ssl-1:2.0.46-75.ent.i386"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:mod_ssl-1:2.0.46-75.ent.ia64"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:mod_ssl-1:2.0.46-75.ent.ppc"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:mod_ssl-1:2.0.46-75.ent.s390"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:mod_ssl-1:2.0.46-75.ent.s390x"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:mod_ssl-1:2.0.46-75.ent.x86_64"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.src as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-0:2.0.46-75.ent.src"
},
"product_reference": "httpd-0:2.0.46-75.ent.src",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-debuginfo-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-debuginfo-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-debuginfo-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-debuginfo-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-debuginfo-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-debuginfo-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-devel-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-devel-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-devel-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-devel-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-devel-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-devel-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:mod_ssl-1:2.0.46-75.ent.i386"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:mod_ssl-1:2.0.46-75.ent.ia64"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:mod_ssl-1:2.0.46-75.ent.ppc"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:mod_ssl-1:2.0.46-75.ent.s390"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:mod_ssl-1:2.0.46-75.ent.s390x"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:mod_ssl-1:2.0.46-75.ent.x86_64"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.src as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-0:2.0.46-75.ent.src"
},
"product_reference": "httpd-0:2.0.46-75.ent.src",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-debuginfo-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-debuginfo-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-debuginfo-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-debuginfo-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-debuginfo-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-debuginfo-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-devel-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-devel-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-devel-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-devel-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-devel-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-devel-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:mod_ssl-1:2.0.46-75.ent.i386"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:mod_ssl-1:2.0.46-75.ent.ia64"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:mod_ssl-1:2.0.46-75.ent.ppc"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:mod_ssl-1:2.0.46-75.ent.s390"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:mod_ssl-1:2.0.46-75.ent.s390x"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:mod_ssl-1:2.0.46-75.ent.x86_64"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3WS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-1891",
"discovery_date": "2009-06-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "509125"
}
],
"notes": [
{
"category": "description",
"text": "The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: possible temporary DoS (CPU consumption) in mod_deflate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS:httpd-0:2.0.46-75.ent.i386",
"3AS:httpd-0:2.0.46-75.ent.ia64",
"3AS:httpd-0:2.0.46-75.ent.ppc",
"3AS:httpd-0:2.0.46-75.ent.s390",
"3AS:httpd-0:2.0.46-75.ent.s390x",
"3AS:httpd-0:2.0.46-75.ent.src",
"3AS:httpd-0:2.0.46-75.ent.x86_64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3AS:httpd-devel-0:2.0.46-75.ent.i386",
"3AS:httpd-devel-0:2.0.46-75.ent.ia64",
"3AS:httpd-devel-0:2.0.46-75.ent.ppc",
"3AS:httpd-devel-0:2.0.46-75.ent.s390",
"3AS:httpd-devel-0:2.0.46-75.ent.s390x",
"3AS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3AS:mod_ssl-1:2.0.46-75.ent.i386",
"3AS:mod_ssl-1:2.0.46-75.ent.ia64",
"3AS:mod_ssl-1:2.0.46-75.ent.ppc",
"3AS:mod_ssl-1:2.0.46-75.ent.s390",
"3AS:mod_ssl-1:2.0.46-75.ent.s390x",
"3AS:mod_ssl-1:2.0.46-75.ent.x86_64",
"3Desktop:httpd-0:2.0.46-75.ent.i386",
"3Desktop:httpd-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-0:2.0.46-75.ent.s390",
"3Desktop:httpd-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-0:2.0.46-75.ent.src",
"3Desktop:httpd-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.i386",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-devel-0:2.0.46-75.ent.x86_64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.i386",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ia64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ppc",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390x",
"3Desktop:mod_ssl-1:2.0.46-75.ent.x86_64",
"3ES:httpd-0:2.0.46-75.ent.i386",
"3ES:httpd-0:2.0.46-75.ent.ia64",
"3ES:httpd-0:2.0.46-75.ent.ppc",
"3ES:httpd-0:2.0.46-75.ent.s390",
"3ES:httpd-0:2.0.46-75.ent.s390x",
"3ES:httpd-0:2.0.46-75.ent.src",
"3ES:httpd-0:2.0.46-75.ent.x86_64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3ES:httpd-devel-0:2.0.46-75.ent.i386",
"3ES:httpd-devel-0:2.0.46-75.ent.ia64",
"3ES:httpd-devel-0:2.0.46-75.ent.ppc",
"3ES:httpd-devel-0:2.0.46-75.ent.s390",
"3ES:httpd-devel-0:2.0.46-75.ent.s390x",
"3ES:httpd-devel-0:2.0.46-75.ent.x86_64",
"3ES:mod_ssl-1:2.0.46-75.ent.i386",
"3ES:mod_ssl-1:2.0.46-75.ent.ia64",
"3ES:mod_ssl-1:2.0.46-75.ent.ppc",
"3ES:mod_ssl-1:2.0.46-75.ent.s390",
"3ES:mod_ssl-1:2.0.46-75.ent.s390x",
"3ES:mod_ssl-1:2.0.46-75.ent.x86_64",
"3WS:httpd-0:2.0.46-75.ent.i386",
"3WS:httpd-0:2.0.46-75.ent.ia64",
"3WS:httpd-0:2.0.46-75.ent.ppc",
"3WS:httpd-0:2.0.46-75.ent.s390",
"3WS:httpd-0:2.0.46-75.ent.s390x",
"3WS:httpd-0:2.0.46-75.ent.src",
"3WS:httpd-0:2.0.46-75.ent.x86_64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3WS:httpd-devel-0:2.0.46-75.ent.i386",
"3WS:httpd-devel-0:2.0.46-75.ent.ia64",
"3WS:httpd-devel-0:2.0.46-75.ent.ppc",
"3WS:httpd-devel-0:2.0.46-75.ent.s390",
"3WS:httpd-devel-0:2.0.46-75.ent.s390x",
"3WS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3WS:mod_ssl-1:2.0.46-75.ent.i386",
"3WS:mod_ssl-1:2.0.46-75.ent.ia64",
"3WS:mod_ssl-1:2.0.46-75.ent.ppc",
"3WS:mod_ssl-1:2.0.46-75.ent.s390",
"3WS:mod_ssl-1:2.0.46-75.ent.s390x",
"3WS:mod_ssl-1:2.0.46-75.ent.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1891"
},
{
"category": "external",
"summary": "RHBZ#509125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1891",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1891"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1891",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1891"
}
],
"release_date": "2009-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-08-10T17:34:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS:httpd-0:2.0.46-75.ent.i386",
"3AS:httpd-0:2.0.46-75.ent.ia64",
"3AS:httpd-0:2.0.46-75.ent.ppc",
"3AS:httpd-0:2.0.46-75.ent.s390",
"3AS:httpd-0:2.0.46-75.ent.s390x",
"3AS:httpd-0:2.0.46-75.ent.src",
"3AS:httpd-0:2.0.46-75.ent.x86_64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3AS:httpd-devel-0:2.0.46-75.ent.i386",
"3AS:httpd-devel-0:2.0.46-75.ent.ia64",
"3AS:httpd-devel-0:2.0.46-75.ent.ppc",
"3AS:httpd-devel-0:2.0.46-75.ent.s390",
"3AS:httpd-devel-0:2.0.46-75.ent.s390x",
"3AS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3AS:mod_ssl-1:2.0.46-75.ent.i386",
"3AS:mod_ssl-1:2.0.46-75.ent.ia64",
"3AS:mod_ssl-1:2.0.46-75.ent.ppc",
"3AS:mod_ssl-1:2.0.46-75.ent.s390",
"3AS:mod_ssl-1:2.0.46-75.ent.s390x",
"3AS:mod_ssl-1:2.0.46-75.ent.x86_64",
"3Desktop:httpd-0:2.0.46-75.ent.i386",
"3Desktop:httpd-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-0:2.0.46-75.ent.s390",
"3Desktop:httpd-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-0:2.0.46-75.ent.src",
"3Desktop:httpd-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.i386",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-devel-0:2.0.46-75.ent.x86_64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.i386",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ia64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ppc",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390x",
"3Desktop:mod_ssl-1:2.0.46-75.ent.x86_64",
"3ES:httpd-0:2.0.46-75.ent.i386",
"3ES:httpd-0:2.0.46-75.ent.ia64",
"3ES:httpd-0:2.0.46-75.ent.ppc",
"3ES:httpd-0:2.0.46-75.ent.s390",
"3ES:httpd-0:2.0.46-75.ent.s390x",
"3ES:httpd-0:2.0.46-75.ent.src",
"3ES:httpd-0:2.0.46-75.ent.x86_64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3ES:httpd-devel-0:2.0.46-75.ent.i386",
"3ES:httpd-devel-0:2.0.46-75.ent.ia64",
"3ES:httpd-devel-0:2.0.46-75.ent.ppc",
"3ES:httpd-devel-0:2.0.46-75.ent.s390",
"3ES:httpd-devel-0:2.0.46-75.ent.s390x",
"3ES:httpd-devel-0:2.0.46-75.ent.x86_64",
"3ES:mod_ssl-1:2.0.46-75.ent.i386",
"3ES:mod_ssl-1:2.0.46-75.ent.ia64",
"3ES:mod_ssl-1:2.0.46-75.ent.ppc",
"3ES:mod_ssl-1:2.0.46-75.ent.s390",
"3ES:mod_ssl-1:2.0.46-75.ent.s390x",
"3ES:mod_ssl-1:2.0.46-75.ent.x86_64",
"3WS:httpd-0:2.0.46-75.ent.i386",
"3WS:httpd-0:2.0.46-75.ent.ia64",
"3WS:httpd-0:2.0.46-75.ent.ppc",
"3WS:httpd-0:2.0.46-75.ent.s390",
"3WS:httpd-0:2.0.46-75.ent.s390x",
"3WS:httpd-0:2.0.46-75.ent.src",
"3WS:httpd-0:2.0.46-75.ent.x86_64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3WS:httpd-devel-0:2.0.46-75.ent.i386",
"3WS:httpd-devel-0:2.0.46-75.ent.ia64",
"3WS:httpd-devel-0:2.0.46-75.ent.ppc",
"3WS:httpd-devel-0:2.0.46-75.ent.s390",
"3WS:httpd-devel-0:2.0.46-75.ent.s390x",
"3WS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3WS:mod_ssl-1:2.0.46-75.ent.i386",
"3WS:mod_ssl-1:2.0.46-75.ent.ia64",
"3WS:mod_ssl-1:2.0.46-75.ent.ppc",
"3WS:mod_ssl-1:2.0.46-75.ent.s390",
"3WS:mod_ssl-1:2.0.46-75.ent.s390x",
"3WS:mod_ssl-1:2.0.46-75.ent.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:1205"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"3AS:httpd-0:2.0.46-75.ent.i386",
"3AS:httpd-0:2.0.46-75.ent.ia64",
"3AS:httpd-0:2.0.46-75.ent.ppc",
"3AS:httpd-0:2.0.46-75.ent.s390",
"3AS:httpd-0:2.0.46-75.ent.s390x",
"3AS:httpd-0:2.0.46-75.ent.src",
"3AS:httpd-0:2.0.46-75.ent.x86_64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3AS:httpd-devel-0:2.0.46-75.ent.i386",
"3AS:httpd-devel-0:2.0.46-75.ent.ia64",
"3AS:httpd-devel-0:2.0.46-75.ent.ppc",
"3AS:httpd-devel-0:2.0.46-75.ent.s390",
"3AS:httpd-devel-0:2.0.46-75.ent.s390x",
"3AS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3AS:mod_ssl-1:2.0.46-75.ent.i386",
"3AS:mod_ssl-1:2.0.46-75.ent.ia64",
"3AS:mod_ssl-1:2.0.46-75.ent.ppc",
"3AS:mod_ssl-1:2.0.46-75.ent.s390",
"3AS:mod_ssl-1:2.0.46-75.ent.s390x",
"3AS:mod_ssl-1:2.0.46-75.ent.x86_64",
"3Desktop:httpd-0:2.0.46-75.ent.i386",
"3Desktop:httpd-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-0:2.0.46-75.ent.s390",
"3Desktop:httpd-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-0:2.0.46-75.ent.src",
"3Desktop:httpd-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.i386",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-devel-0:2.0.46-75.ent.x86_64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.i386",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ia64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ppc",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390x",
"3Desktop:mod_ssl-1:2.0.46-75.ent.x86_64",
"3ES:httpd-0:2.0.46-75.ent.i386",
"3ES:httpd-0:2.0.46-75.ent.ia64",
"3ES:httpd-0:2.0.46-75.ent.ppc",
"3ES:httpd-0:2.0.46-75.ent.s390",
"3ES:httpd-0:2.0.46-75.ent.s390x",
"3ES:httpd-0:2.0.46-75.ent.src",
"3ES:httpd-0:2.0.46-75.ent.x86_64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3ES:httpd-devel-0:2.0.46-75.ent.i386",
"3ES:httpd-devel-0:2.0.46-75.ent.ia64",
"3ES:httpd-devel-0:2.0.46-75.ent.ppc",
"3ES:httpd-devel-0:2.0.46-75.ent.s390",
"3ES:httpd-devel-0:2.0.46-75.ent.s390x",
"3ES:httpd-devel-0:2.0.46-75.ent.x86_64",
"3ES:mod_ssl-1:2.0.46-75.ent.i386",
"3ES:mod_ssl-1:2.0.46-75.ent.ia64",
"3ES:mod_ssl-1:2.0.46-75.ent.ppc",
"3ES:mod_ssl-1:2.0.46-75.ent.s390",
"3ES:mod_ssl-1:2.0.46-75.ent.s390x",
"3ES:mod_ssl-1:2.0.46-75.ent.x86_64",
"3WS:httpd-0:2.0.46-75.ent.i386",
"3WS:httpd-0:2.0.46-75.ent.ia64",
"3WS:httpd-0:2.0.46-75.ent.ppc",
"3WS:httpd-0:2.0.46-75.ent.s390",
"3WS:httpd-0:2.0.46-75.ent.s390x",
"3WS:httpd-0:2.0.46-75.ent.src",
"3WS:httpd-0:2.0.46-75.ent.x86_64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3WS:httpd-devel-0:2.0.46-75.ent.i386",
"3WS:httpd-devel-0:2.0.46-75.ent.ia64",
"3WS:httpd-devel-0:2.0.46-75.ent.ppc",
"3WS:httpd-devel-0:2.0.46-75.ent.s390",
"3WS:httpd-devel-0:2.0.46-75.ent.s390x",
"3WS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3WS:mod_ssl-1:2.0.46-75.ent.i386",
"3WS:mod_ssl-1:2.0.46-75.ent.ia64",
"3WS:mod_ssl-1:2.0.46-75.ent.ppc",
"3WS:mod_ssl-1:2.0.46-75.ent.s390",
"3WS:mod_ssl-1:2.0.46-75.ent.s390x",
"3WS:mod_ssl-1:2.0.46-75.ent.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: possible temporary DoS (CPU consumption) in mod_deflate"
},
{
"cve": "CVE-2009-2412",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2009-07-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "515698"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS:httpd-0:2.0.46-75.ent.i386",
"3AS:httpd-0:2.0.46-75.ent.ia64",
"3AS:httpd-0:2.0.46-75.ent.ppc",
"3AS:httpd-0:2.0.46-75.ent.s390",
"3AS:httpd-0:2.0.46-75.ent.s390x",
"3AS:httpd-0:2.0.46-75.ent.src",
"3AS:httpd-0:2.0.46-75.ent.x86_64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3AS:httpd-devel-0:2.0.46-75.ent.i386",
"3AS:httpd-devel-0:2.0.46-75.ent.ia64",
"3AS:httpd-devel-0:2.0.46-75.ent.ppc",
"3AS:httpd-devel-0:2.0.46-75.ent.s390",
"3AS:httpd-devel-0:2.0.46-75.ent.s390x",
"3AS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3AS:mod_ssl-1:2.0.46-75.ent.i386",
"3AS:mod_ssl-1:2.0.46-75.ent.ia64",
"3AS:mod_ssl-1:2.0.46-75.ent.ppc",
"3AS:mod_ssl-1:2.0.46-75.ent.s390",
"3AS:mod_ssl-1:2.0.46-75.ent.s390x",
"3AS:mod_ssl-1:2.0.46-75.ent.x86_64",
"3Desktop:httpd-0:2.0.46-75.ent.i386",
"3Desktop:httpd-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-0:2.0.46-75.ent.s390",
"3Desktop:httpd-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-0:2.0.46-75.ent.src",
"3Desktop:httpd-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.i386",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-devel-0:2.0.46-75.ent.x86_64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.i386",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ia64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ppc",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390x",
"3Desktop:mod_ssl-1:2.0.46-75.ent.x86_64",
"3ES:httpd-0:2.0.46-75.ent.i386",
"3ES:httpd-0:2.0.46-75.ent.ia64",
"3ES:httpd-0:2.0.46-75.ent.ppc",
"3ES:httpd-0:2.0.46-75.ent.s390",
"3ES:httpd-0:2.0.46-75.ent.s390x",
"3ES:httpd-0:2.0.46-75.ent.src",
"3ES:httpd-0:2.0.46-75.ent.x86_64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3ES:httpd-devel-0:2.0.46-75.ent.i386",
"3ES:httpd-devel-0:2.0.46-75.ent.ia64",
"3ES:httpd-devel-0:2.0.46-75.ent.ppc",
"3ES:httpd-devel-0:2.0.46-75.ent.s390",
"3ES:httpd-devel-0:2.0.46-75.ent.s390x",
"3ES:httpd-devel-0:2.0.46-75.ent.x86_64",
"3ES:mod_ssl-1:2.0.46-75.ent.i386",
"3ES:mod_ssl-1:2.0.46-75.ent.ia64",
"3ES:mod_ssl-1:2.0.46-75.ent.ppc",
"3ES:mod_ssl-1:2.0.46-75.ent.s390",
"3ES:mod_ssl-1:2.0.46-75.ent.s390x",
"3ES:mod_ssl-1:2.0.46-75.ent.x86_64",
"3WS:httpd-0:2.0.46-75.ent.i386",
"3WS:httpd-0:2.0.46-75.ent.ia64",
"3WS:httpd-0:2.0.46-75.ent.ppc",
"3WS:httpd-0:2.0.46-75.ent.s390",
"3WS:httpd-0:2.0.46-75.ent.s390x",
"3WS:httpd-0:2.0.46-75.ent.src",
"3WS:httpd-0:2.0.46-75.ent.x86_64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3WS:httpd-devel-0:2.0.46-75.ent.i386",
"3WS:httpd-devel-0:2.0.46-75.ent.ia64",
"3WS:httpd-devel-0:2.0.46-75.ent.ppc",
"3WS:httpd-devel-0:2.0.46-75.ent.s390",
"3WS:httpd-devel-0:2.0.46-75.ent.s390x",
"3WS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3WS:mod_ssl-1:2.0.46-75.ent.i386",
"3WS:mod_ssl-1:2.0.46-75.ent.ia64",
"3WS:mod_ssl-1:2.0.46-75.ent.ppc",
"3WS:mod_ssl-1:2.0.46-75.ent.s390",
"3WS:mod_ssl-1:2.0.46-75.ent.s390x",
"3WS:mod_ssl-1:2.0.46-75.ent.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-2412"
},
{
"category": "external",
"summary": "RHBZ#515698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-2412",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2412"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412"
}
],
"release_date": "2009-08-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-08-10T17:34:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS:httpd-0:2.0.46-75.ent.i386",
"3AS:httpd-0:2.0.46-75.ent.ia64",
"3AS:httpd-0:2.0.46-75.ent.ppc",
"3AS:httpd-0:2.0.46-75.ent.s390",
"3AS:httpd-0:2.0.46-75.ent.s390x",
"3AS:httpd-0:2.0.46-75.ent.src",
"3AS:httpd-0:2.0.46-75.ent.x86_64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3AS:httpd-devel-0:2.0.46-75.ent.i386",
"3AS:httpd-devel-0:2.0.46-75.ent.ia64",
"3AS:httpd-devel-0:2.0.46-75.ent.ppc",
"3AS:httpd-devel-0:2.0.46-75.ent.s390",
"3AS:httpd-devel-0:2.0.46-75.ent.s390x",
"3AS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3AS:mod_ssl-1:2.0.46-75.ent.i386",
"3AS:mod_ssl-1:2.0.46-75.ent.ia64",
"3AS:mod_ssl-1:2.0.46-75.ent.ppc",
"3AS:mod_ssl-1:2.0.46-75.ent.s390",
"3AS:mod_ssl-1:2.0.46-75.ent.s390x",
"3AS:mod_ssl-1:2.0.46-75.ent.x86_64",
"3Desktop:httpd-0:2.0.46-75.ent.i386",
"3Desktop:httpd-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-0:2.0.46-75.ent.s390",
"3Desktop:httpd-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-0:2.0.46-75.ent.src",
"3Desktop:httpd-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.i386",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-devel-0:2.0.46-75.ent.x86_64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.i386",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ia64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ppc",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390x",
"3Desktop:mod_ssl-1:2.0.46-75.ent.x86_64",
"3ES:httpd-0:2.0.46-75.ent.i386",
"3ES:httpd-0:2.0.46-75.ent.ia64",
"3ES:httpd-0:2.0.46-75.ent.ppc",
"3ES:httpd-0:2.0.46-75.ent.s390",
"3ES:httpd-0:2.0.46-75.ent.s390x",
"3ES:httpd-0:2.0.46-75.ent.src",
"3ES:httpd-0:2.0.46-75.ent.x86_64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3ES:httpd-devel-0:2.0.46-75.ent.i386",
"3ES:httpd-devel-0:2.0.46-75.ent.ia64",
"3ES:httpd-devel-0:2.0.46-75.ent.ppc",
"3ES:httpd-devel-0:2.0.46-75.ent.s390",
"3ES:httpd-devel-0:2.0.46-75.ent.s390x",
"3ES:httpd-devel-0:2.0.46-75.ent.x86_64",
"3ES:mod_ssl-1:2.0.46-75.ent.i386",
"3ES:mod_ssl-1:2.0.46-75.ent.ia64",
"3ES:mod_ssl-1:2.0.46-75.ent.ppc",
"3ES:mod_ssl-1:2.0.46-75.ent.s390",
"3ES:mod_ssl-1:2.0.46-75.ent.s390x",
"3ES:mod_ssl-1:2.0.46-75.ent.x86_64",
"3WS:httpd-0:2.0.46-75.ent.i386",
"3WS:httpd-0:2.0.46-75.ent.ia64",
"3WS:httpd-0:2.0.46-75.ent.ppc",
"3WS:httpd-0:2.0.46-75.ent.s390",
"3WS:httpd-0:2.0.46-75.ent.s390x",
"3WS:httpd-0:2.0.46-75.ent.src",
"3WS:httpd-0:2.0.46-75.ent.x86_64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3WS:httpd-devel-0:2.0.46-75.ent.i386",
"3WS:httpd-devel-0:2.0.46-75.ent.ia64",
"3WS:httpd-devel-0:2.0.46-75.ent.ppc",
"3WS:httpd-devel-0:2.0.46-75.ent.s390",
"3WS:httpd-devel-0:2.0.46-75.ent.s390x",
"3WS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3WS:mod_ssl-1:2.0.46-75.ent.i386",
"3WS:mod_ssl-1:2.0.46-75.ent.ia64",
"3WS:mod_ssl-1:2.0.46-75.ent.ppc",
"3WS:mod_ssl-1:2.0.46-75.ent.s390",
"3WS:mod_ssl-1:2.0.46-75.ent.s390x",
"3WS:mod_ssl-1:2.0.46-75.ent.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:1205"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS:httpd-0:2.0.46-75.ent.i386",
"3AS:httpd-0:2.0.46-75.ent.ia64",
"3AS:httpd-0:2.0.46-75.ent.ppc",
"3AS:httpd-0:2.0.46-75.ent.s390",
"3AS:httpd-0:2.0.46-75.ent.s390x",
"3AS:httpd-0:2.0.46-75.ent.src",
"3AS:httpd-0:2.0.46-75.ent.x86_64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3AS:httpd-devel-0:2.0.46-75.ent.i386",
"3AS:httpd-devel-0:2.0.46-75.ent.ia64",
"3AS:httpd-devel-0:2.0.46-75.ent.ppc",
"3AS:httpd-devel-0:2.0.46-75.ent.s390",
"3AS:httpd-devel-0:2.0.46-75.ent.s390x",
"3AS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3AS:mod_ssl-1:2.0.46-75.ent.i386",
"3AS:mod_ssl-1:2.0.46-75.ent.ia64",
"3AS:mod_ssl-1:2.0.46-75.ent.ppc",
"3AS:mod_ssl-1:2.0.46-75.ent.s390",
"3AS:mod_ssl-1:2.0.46-75.ent.s390x",
"3AS:mod_ssl-1:2.0.46-75.ent.x86_64",
"3Desktop:httpd-0:2.0.46-75.ent.i386",
"3Desktop:httpd-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-0:2.0.46-75.ent.s390",
"3Desktop:httpd-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-0:2.0.46-75.ent.src",
"3Desktop:httpd-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.i386",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-devel-0:2.0.46-75.ent.x86_64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.i386",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ia64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ppc",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390x",
"3Desktop:mod_ssl-1:2.0.46-75.ent.x86_64",
"3ES:httpd-0:2.0.46-75.ent.i386",
"3ES:httpd-0:2.0.46-75.ent.ia64",
"3ES:httpd-0:2.0.46-75.ent.ppc",
"3ES:httpd-0:2.0.46-75.ent.s390",
"3ES:httpd-0:2.0.46-75.ent.s390x",
"3ES:httpd-0:2.0.46-75.ent.src",
"3ES:httpd-0:2.0.46-75.ent.x86_64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3ES:httpd-devel-0:2.0.46-75.ent.i386",
"3ES:httpd-devel-0:2.0.46-75.ent.ia64",
"3ES:httpd-devel-0:2.0.46-75.ent.ppc",
"3ES:httpd-devel-0:2.0.46-75.ent.s390",
"3ES:httpd-devel-0:2.0.46-75.ent.s390x",
"3ES:httpd-devel-0:2.0.46-75.ent.x86_64",
"3ES:mod_ssl-1:2.0.46-75.ent.i386",
"3ES:mod_ssl-1:2.0.46-75.ent.ia64",
"3ES:mod_ssl-1:2.0.46-75.ent.ppc",
"3ES:mod_ssl-1:2.0.46-75.ent.s390",
"3ES:mod_ssl-1:2.0.46-75.ent.s390x",
"3ES:mod_ssl-1:2.0.46-75.ent.x86_64",
"3WS:httpd-0:2.0.46-75.ent.i386",
"3WS:httpd-0:2.0.46-75.ent.ia64",
"3WS:httpd-0:2.0.46-75.ent.ppc",
"3WS:httpd-0:2.0.46-75.ent.s390",
"3WS:httpd-0:2.0.46-75.ent.s390x",
"3WS:httpd-0:2.0.46-75.ent.src",
"3WS:httpd-0:2.0.46-75.ent.x86_64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3WS:httpd-devel-0:2.0.46-75.ent.i386",
"3WS:httpd-devel-0:2.0.46-75.ent.ia64",
"3WS:httpd-devel-0:2.0.46-75.ent.ppc",
"3WS:httpd-devel-0:2.0.46-75.ent.s390",
"3WS:httpd-devel-0:2.0.46-75.ent.s390x",
"3WS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3WS:mod_ssl-1:2.0.46-75.ent.i386",
"3WS:mod_ssl-1:2.0.46-75.ent.ia64",
"3WS:mod_ssl-1:2.0.46-75.ent.ppc",
"3WS:mod_ssl-1:2.0.46-75.ent.s390",
"3WS:mod_ssl-1:2.0.46-75.ent.s390x",
"3WS:mod_ssl-1:2.0.46-75.ent.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management"
}
]
}
rhsa-2009_1462
Vulnerability from csaf_redhat
Published
2009-09-24 15:17
Modified
2024-11-22 03:26
Summary
Red Hat Security Advisory: httpd22 security update
Notes
Topic
Updated httpd22 packages that fix multiple security issues are now
available for JBoss Enterprise Web Server 1.0.0 for Red Hat Enterprise
Linux 4.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
The Apache HTTP Server is a popular Web server. The httpd22 packages
shipped with JBoss Enterprise Web Server 1.0.0 for Red Hat Enterprise Linux
4 contain embedded copies of the Apache Portable Runtime (APR) libraries,
which provide a free library of C data structures and routines, and also
additional utility interfaces to support XML parsing, LDAP, database
interfaces, URI parsing, and more.
Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in the way the Apache Portable Runtime (APR) manages memory pool
and relocatable memory allocations. An attacker could use these flaws to
issue a specially-crafted request for memory allocation, which would lead
to a denial of service (application crash) or, potentially, execute
arbitrary code with the privileges of an application using the APR
libraries. (CVE-2009-2412)
All users of JBoss Enterprise Web Server 1.0.0 should upgrade to these
updated packages, which contain backported patches to correct these issues.
After installing the updated packages, the httpd daemon must be restarted
for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated httpd22 packages that fix multiple security issues are now\navailable for JBoss Enterprise Web Server 1.0.0 for Red Hat Enterprise\nLinux 4.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "The Apache HTTP Server is a popular Web server. The httpd22 packages\nshipped with JBoss Enterprise Web Server 1.0.0 for Red Hat Enterprise Linux\n4 contain embedded copies of the Apache Portable Runtime (APR) libraries,\nwhich provide a free library of C data structures and routines, and also\nadditional utility interfaces to support XML parsing, LDAP, database\ninterfaces, URI parsing, and more.\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows,\nwere found in the way the Apache Portable Runtime (APR) manages memory pool\nand relocatable memory allocations. An attacker could use these flaws to\nissue a specially-crafted request for memory allocation, which would lead\nto a denial of service (application crash) or, potentially, execute\narbitrary code with the privileges of an application using the APR\nlibraries. (CVE-2009-2412)\n\nAll users of JBoss Enterprise Web Server 1.0.0 should upgrade to these\nupdated packages, which contain backported patches to correct these issues.\nAfter installing the updated packages, the httpd daemon must be restarted\nfor the update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2009:1462",
"url": "https://access.redhat.com/errata/RHSA-2009:1462"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "515698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1462.json"
}
],
"title": "Red Hat Security Advisory: httpd22 security update",
"tracking": {
"current_release_date": "2024-11-22T03:26:02+00:00",
"generator": {
"date": "2024-11-22T03:26:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2009:1462",
"initial_release_date": "2009-09-24T15:17:00+00:00",
"revision_history": [
{
"date": "2009-09-24T15:17:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2009-09-24T11:17:04+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T03:26:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product": {
"name": "Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el4"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product": {
"name": "Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el4"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64",
"product": {
"name": "mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64",
"product_id": "mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl22@2.2.10-24.1.ep5.el4?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"product": {
"name": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"product_id": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-apr-devel@2.2.10-24.1.ep5.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"product": {
"name": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"product_id": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-apr-util-devel@2.2.10-24.1.ep5.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64",
"product": {
"name": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64",
"product_id": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-apr-util@2.2.10-24.1.ep5.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64",
"product": {
"name": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64",
"product_id": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-debuginfo@2.2.10-24.1.ep5.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64",
"product": {
"name": "httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64",
"product_id": "httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-apr@2.2.10-24.1.ep5.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"product": {
"name": "httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"product_id": "httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-devel@2.2.10-24.1.ep5.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd22-0:2.2.10-24.1.ep5.el4.x86_64",
"product": {
"name": "httpd22-0:2.2.10-24.1.ep5.el4.x86_64",
"product_id": "httpd22-0:2.2.10-24.1.ep5.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22@2.2.10-24.1.ep5.el4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_ssl22-1:2.2.10-24.1.ep5.el4.i386",
"product": {
"name": "mod_ssl22-1:2.2.10-24.1.ep5.el4.i386",
"product_id": "mod_ssl22-1:2.2.10-24.1.ep5.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl22@2.2.10-24.1.ep5.el4?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386",
"product": {
"name": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386",
"product_id": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-apr-devel@2.2.10-24.1.ep5.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386",
"product": {
"name": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386",
"product_id": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-apr-util-devel@2.2.10-24.1.ep5.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386",
"product": {
"name": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386",
"product_id": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-apr-util@2.2.10-24.1.ep5.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386",
"product": {
"name": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386",
"product_id": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-debuginfo@2.2.10-24.1.ep5.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd22-apr-0:2.2.10-24.1.ep5.el4.i386",
"product": {
"name": "httpd22-apr-0:2.2.10-24.1.ep5.el4.i386",
"product_id": "httpd22-apr-0:2.2.10-24.1.ep5.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-apr@2.2.10-24.1.ep5.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd22-devel-0:2.2.10-24.1.ep5.el4.i386",
"product": {
"name": "httpd22-devel-0:2.2.10-24.1.ep5.el4.i386",
"product_id": "httpd22-devel-0:2.2.10-24.1.ep5.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-devel@2.2.10-24.1.ep5.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd22-0:2.2.10-24.1.ep5.el4.i386",
"product": {
"name": "httpd22-0:2.2.10-24.1.ep5.el4.i386",
"product_id": "httpd22-0:2.2.10-24.1.ep5.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22@2.2.10-24.1.ep5.el4?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd22-0:2.2.10-24.1.ep5.el4.src",
"product": {
"name": "httpd22-0:2.2.10-24.1.ep5.el4.src",
"product_id": "httpd22-0:2.2.10-24.1.ep5.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22@2.2.10-24.1.ep5.el4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-0:2.2.10-24.1.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.src"
},
"product_reference": "httpd22-0:2.2.10-24.1.ep5.el4.src",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-apr-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-devel-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-devel-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl22-1:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "mod_ssl22-1:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-0:2.2.10-24.1.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.src"
},
"product_reference": "httpd22-0:2.2.10-24.1.ep5.el4.src",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-apr-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-devel-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-devel-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl22-1:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "mod_ssl22-1:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-2412",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2009-07-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "515698"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.src",
"4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.src",
"4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-2412"
},
{
"category": "external",
"summary": "RHBZ#515698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-2412",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2412"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412"
}
],
"release_date": "2009-08-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-09-24T15:17:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.src",
"4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.src",
"4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:1462"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.src",
"4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.src",
"4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management"
}
]
}
rhsa-2010:0602
Vulnerability from csaf_redhat
Published
2010-08-04 21:30
Modified
2024-12-15 18:14
Summary
Red Hat Security Advisory: Red Hat Certificate System 7.3 security update
Notes
Topic
Updated packages that fix multiple security issues and rebase various
components are now available for Red Hat Certificate System 7.3.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat Certificate System (RHCS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
Multiple buffer overflow flaws were discovered in the way the pcscd daemon,
a resource manager that coordinates communications with smart card readers
and smart cards connected to the system, handled client requests. A local
user could create a specially-crafted request that would cause the pcscd
daemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407,
CVE-2009-4901)
This erratum updates the Tomcat component shipped as part of Red Hat
Certificate System to version 5.5.23, to address multiple security issues.
In a typical operating environment, Tomcat is not exposed to users of
Certificate System in a vulnerable manner. These security updates will
reduce risk in unique Certificate System environments. (CVE-2005-2090,
CVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382,
CVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232,
CVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580)
This erratum provides updated versions of the following components,
required by the updated Tomcat version: ant, avalon-logkit, axis,
classpathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler,
log4j, mx4j, xerces-j2, and xml-commons.
A number of components have been updated to fix security issues for users
of Red Hat Certificate System for the Solaris operating system. These fixes
are for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023,
CVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues
CVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847,
CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364,
CVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and
CVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116
and CVE-2008-1927.
Note: Updated apr, apr-util, httpd, mod_perl, and perl packages were
previously available to users of Red Hat Certificate System for Red Hat
Enterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat
Network.
Additionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,
rhpki-java-tools, and rhpki-native-tools packages were updated to address
some anomalous behavior on the Solaris operating system. (BZ#600513,
BZ#605760)
As well, this update provides an updated rhpki-manage package, which
includes installation and uninstall scripts for Red Hat Certificate System
that have been updated with the list of packages required by the Tomcat
component, and an updated dependency on the NSS and NSPR packages.
All users of Red Hat Certificate System are advised to upgrade to these
updated packages, which correct these issues. Refer to the Red Hat
Certificate System Administration Guide, linked to in the References, for
details on how to install the updated packages on the Solaris operating
system. After installing this update, all Red Hat Certificate System
subsystems must be restarted ("/etc/init.d/[instance-name] restart") for
the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated packages that fix multiple security issues and rebase various\ncomponents are now available for Red Hat Certificate System 7.3.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Certificate System (RHCS) is an enterprise software system designed\nto manage enterprise Public Key Infrastructure (PKI) deployments.\n\nMultiple buffer overflow flaws were discovered in the way the pcscd daemon,\na resource manager that coordinates communications with smart card readers\nand smart cards connected to the system, handled client requests. A local\nuser could create a specially-crafted request that would cause the pcscd\ndaemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407,\nCVE-2009-4901)\n\nThis erratum updates the Tomcat component shipped as part of Red Hat\nCertificate System to version 5.5.23, to address multiple security issues.\nIn a typical operating environment, Tomcat is not exposed to users of\nCertificate System in a vulnerable manner. These security updates will\nreduce risk in unique Certificate System environments. (CVE-2005-2090,\nCVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382,\nCVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232,\nCVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580)\n\nThis erratum provides updated versions of the following components,\nrequired by the updated Tomcat version: ant, avalon-logkit, axis,\nclasspathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler,\nlog4j, mx4j, xerces-j2, and xml-commons.\n\nA number of components have been updated to fix security issues for users\nof Red Hat Certificate System for the Solaris operating system. These fixes\nare for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023,\nCVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues\nCVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847,\nCVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364,\nCVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and\nCVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116\nand CVE-2008-1927.\n\nNote: Updated apr, apr-util, httpd, mod_perl, and perl packages were\npreviously available to users of Red Hat Certificate System for Red Hat\nEnterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat\nNetwork.\n\nAdditionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,\nrhpki-java-tools, and rhpki-native-tools packages were updated to address\nsome anomalous behavior on the Solaris operating system. (BZ#600513,\nBZ#605760)\n\nAs well, this update provides an updated rhpki-manage package, which\nincludes installation and uninstall scripts for Red Hat Certificate System\nthat have been updated with the list of packages required by the Tomcat\ncomponent, and an updated dependency on the NSS and NSPR packages.\n\nAll users of Red Hat Certificate System are advised to upgrade to these\nupdated packages, which correct these issues. Refer to the Red Hat\nCertificate System Administration Guide, linked to in the References, for\ndetails on how to install the updated packages on the Solaris operating\nsystem. After installing this update, all Red Hat Certificate System\nsubsystems must be restarted (\"/etc/init.d/[instance-name] restart\") for\nthe update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0602",
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
},
{
"category": "external",
"summary": "http://www.redhat.com/security/updates/classification/#moderate",
"url": "http://www.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html",
"url": "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html"
},
{
"category": "external",
"summary": "200732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=200732"
},
{
"category": "external",
"summary": "237079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237079"
},
{
"category": "external",
"summary": "237080",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237080"
},
{
"category": "external",
"summary": "237084",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237084"
},
{
"category": "external",
"summary": "237085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237085"
},
{
"category": "external",
"summary": "240423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=240423"
},
{
"category": "external",
"summary": "244658",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=244658"
},
{
"category": "external",
"summary": "244803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=244803"
},
{
"category": "external",
"summary": "245111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=245111"
},
{
"category": "external",
"summary": "245112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=245112"
},
{
"category": "external",
"summary": "247972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=247972"
},
{
"category": "external",
"summary": "247976",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=247976"
},
{
"category": "external",
"summary": "250731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=250731"
},
{
"category": "external",
"summary": "289511",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511"
},
{
"category": "external",
"summary": "323571",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=323571"
},
{
"category": "external",
"summary": "333791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
},
{
"category": "external",
"summary": "419931",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931"
},
{
"category": "external",
"summary": "427228",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228"
},
{
"category": "external",
"summary": "427739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427739"
},
{
"category": "external",
"summary": "427766",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766"
},
{
"category": "external",
"summary": "429821",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429821"
},
{
"category": "external",
"summary": "443928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=443928"
},
{
"category": "external",
"summary": "451615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=451615"
},
{
"category": "external",
"summary": "457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "external",
"summary": "458250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=458250"
},
{
"category": "external",
"summary": "493381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381"
},
{
"category": "external",
"summary": "503928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928"
},
{
"category": "external",
"summary": "503978",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
},
{
"category": "external",
"summary": "504390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504390"
},
{
"category": "external",
"summary": "504555",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504555"
},
{
"category": "external",
"summary": "504753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
},
{
"category": "external",
"summary": "509125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125"
},
{
"category": "external",
"summary": "515698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
},
{
"category": "external",
"summary": "521619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=521619"
},
{
"category": "external",
"summary": "522209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=522209"
},
{
"category": "external",
"summary": "570171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=570171"
},
{
"category": "external",
"summary": "596426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0602.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Certificate System 7.3 security update",
"tracking": {
"current_release_date": "2024-12-15T18:14:44+00:00",
"generator": {
"date": "2024-12-15T18:14:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2010:0602",
"initial_release_date": "2010-08-04T21:30:00+00:00",
"revision_history": [
{
"date": "2010-08-04T21:30:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-08-05T10:04:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-15T18:14:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Certificate System 7.3 for 4AS",
"product": {
"name": "Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:certificate_system:7.3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Certificate System 7.3 for 4ES",
"product": {
"name": "Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:certificate_system:7.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat Certificate System"
},
{
"branches": [
{
"category": "product_version",
"name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"product": {
"name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"product_id": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-apis@1.3.02-2jpp_1rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
"product": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
"product_id": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"product": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"product_id": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ant-0:1.6.5-1jpp_1rh.noarch",
"product": {
"name": "ant-0:1.6.5-1jpp_1rh.noarch",
"product_id": "ant-0:1.6.5-1jpp_1rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
"product": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
"product_id": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "axis-0:1.2.1-1jpp_3rh.noarch",
"product": {
"name": "axis-0:1.2.1-1jpp_3rh.noarch",
"product_id": "axis-0:1.2.1-1jpp_3rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"product": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"product_id": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"product": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"product_id": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "log4j-0:1.2.12-1jpp_1rh.noarch",
"product": {
"name": "log4j-0:1.2.12-1jpp_1rh.noarch",
"product_id": "log4j-0:1.2.12-1jpp_1rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mx4j-1:3.0.1-1jpp_4rh.noarch",
"product": {
"name": "mx4j-1:3.0.1-1jpp_4rh.noarch",
"product_id": "mx4j-1:3.0.1-1jpp_4rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"product": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"product_id": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-manage-0:7.3.0-19.el4.noarch",
"product": {
"name": "rhpki-manage-0:7.3.0-19.el4.noarch",
"product_id": "rhpki-manage-0:7.3.0-19.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-manage@7.3.0-19.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-ca-0:7.3.0-20.el4.noarch",
"product": {
"name": "rhpki-ca-0:7.3.0-20.el4.noarch",
"product_id": "rhpki-ca-0:7.3.0-20.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-ca@7.3.0-20.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-kra-0:7.3.0-14.el4.noarch",
"product": {
"name": "rhpki-kra-0:7.3.0-14.el4.noarch",
"product_id": "rhpki-kra-0:7.3.0-14.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-kra@7.3.0-14.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-tks-0:7.3.0-13.el4.noarch",
"product": {
"name": "rhpki-tks-0:7.3.0-13.el4.noarch",
"product_id": "rhpki-tks-0:7.3.0-13.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-tks@7.3.0-13.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
"product": {
"name": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
"product_id": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-ocsp@7.3.0-13.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
"product": {
"name": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
"product_id": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-java-tools@7.3.0-10.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-jms-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-jta-1.0.1B-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-j2ee-deployment-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-ejb-2.1-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-servlet-2.4-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-specs-javadoc@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-j2ee-1.4-apis@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-j2ee-connector-1.5-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-jsp-2.0-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-j2ee-management-1.0-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "xml-commons-0:1.3.02-2jpp_1rh.src",
"product": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.src",
"product_id": "xml-commons-0:1.3.02-2jpp_1rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "xerces-j2-0:2.7.1-1jpp_1rh.src",
"product": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.src",
"product_id": "xerces-j2-0:2.7.1-1jpp_1rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "ant-0:1.6.5-1jpp_1rh.src",
"product": {
"name": "ant-0:1.6.5-1jpp_1rh.src",
"product_id": "ant-0:1.6.5-1jpp_1rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "avalon-logkit-0:1.2-2jpp_4rh.src",
"product": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.src",
"product_id": "avalon-logkit-0:1.2-2jpp_4rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "axis-0:1.2.1-1jpp_3rh.src",
"product": {
"name": "axis-0:1.2.1-1jpp_3rh.src",
"product_id": "axis-0:1.2.1-1jpp_3rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "classpathx-jaf-0:1.0-2jpp_6rh.src",
"product": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.src",
"product_id": "classpathx-jaf-0:1.0-2jpp_6rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
"product": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
"product_id": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "log4j-0:1.2.12-1jpp_1rh.src",
"product": {
"name": "log4j-0:1.2.12-1jpp_1rh.src",
"product_id": "log4j-0:1.2.12-1jpp_1rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "mx4j-1:3.0.1-1jpp_4rh.src",
"product": {
"name": "mx4j-1:3.0.1-1jpp_4rh.src",
"product_id": "mx4j-1:3.0.1-1jpp_4rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"product": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"product_id": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
"product": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
"product_id": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=src"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-0:1.3.3-3.el4.src",
"product": {
"name": "pcsc-lite-0:1.3.3-3.el4.src",
"product_id": "pcsc-lite-0:1.3.3-3.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"product": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"product_id": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"product": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"product_id": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"product": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"product_id": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"product": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"product_id": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-0:1.3.3-3.el4.x86_64",
"product": {
"name": "pcsc-lite-0:1.3.3-3.el4.x86_64",
"product_id": "pcsc-lite-0:1.3.3-3.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"product": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"product_id": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhpki-native-tools-0:7.3.0-6.el4.i386",
"product": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.i386",
"product_id": "rhpki-native-tools-0:7.3.0-6.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"product": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"product_id": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
"product": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
"product_id": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-0:1.3.3-3.el4.i386",
"product": {
"name": "pcsc-lite-0:1.3.3-3.el4.i386",
"product_id": "pcsc-lite-0:1.3.3-3.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
"product": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
"product_id": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch"
},
"product_reference": "ant-0:1.6.5-1jpp_1rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src"
},
"product_reference": "ant-0:1.6.5-1jpp_1rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch"
},
"product_reference": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src"
},
"product_reference": "avalon-logkit-0:1.2-2jpp_4rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch"
},
"product_reference": "axis-0:1.2.1-1jpp_3rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src"
},
"product_reference": "axis-0:1.2.1-1jpp_3rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch"
},
"product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src"
},
"product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch"
},
"product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src"
},
"product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src"
},
"product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch"
},
"product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src"
},
"product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch"
},
"product_reference": "log4j-0:1.2.12-1jpp_1rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src"
},
"product_reference": "log4j-0:1.2.12-1jpp_1rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch"
},
"product_reference": "mx4j-1:3.0.1-1jpp_4rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src"
},
"product_reference": "mx4j-1:3.0.1-1jpp_4rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch"
},
"product_reference": "rhpki-ca-0:7.3.0-20.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch"
},
"product_reference": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch"
},
"product_reference": "rhpki-kra-0:7.3.0-14.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch"
},
"product_reference": "rhpki-manage-0:7.3.0-19.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386"
},
"product_reference": "rhpki-native-tools-0:7.3.0-6.el4.i386",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64"
},
"product_reference": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch"
},
"product_reference": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch"
},
"product_reference": "rhpki-tks-0:7.3.0-13.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch"
},
"product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src"
},
"product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch"
},
"product_reference": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src"
},
"product_reference": "xml-commons-0:1.3.02-2jpp_1rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
},
"product_reference": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch"
},
"product_reference": "ant-0:1.6.5-1jpp_1rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src"
},
"product_reference": "ant-0:1.6.5-1jpp_1rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch"
},
"product_reference": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src"
},
"product_reference": "avalon-logkit-0:1.2-2jpp_4rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch"
},
"product_reference": "axis-0:1.2.1-1jpp_3rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src"
},
"product_reference": "axis-0:1.2.1-1jpp_3rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch"
},
"product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src"
},
"product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch"
},
"product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src"
},
"product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src"
},
"product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch"
},
"product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src"
},
"product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch"
},
"product_reference": "log4j-0:1.2.12-1jpp_1rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src"
},
"product_reference": "log4j-0:1.2.12-1jpp_1rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch"
},
"product_reference": "mx4j-1:3.0.1-1jpp_4rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src"
},
"product_reference": "mx4j-1:3.0.1-1jpp_4rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch"
},
"product_reference": "rhpki-ca-0:7.3.0-20.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch"
},
"product_reference": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch"
},
"product_reference": "rhpki-kra-0:7.3.0-14.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch"
},
"product_reference": "rhpki-manage-0:7.3.0-19.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386"
},
"product_reference": "rhpki-native-tools-0:7.3.0-6.el4.i386",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64"
},
"product_reference": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch"
},
"product_reference": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch"
},
"product_reference": "rhpki-tks-0:7.3.0-13.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch"
},
"product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src"
},
"product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch"
},
"product_reference": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src"
},
"product_reference": "xml-commons-0:1.3.02-2jpp_1rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
},
"product_reference": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2005-2090",
"discovery_date": "2005-06-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "237079"
}
],
"notes": [
{
"category": "description",
"text": "Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat multiple content-length header poisioning",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2005-2090"
},
{
"category": "external",
"summary": "RHBZ#237079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237079"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2005-2090",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-2090"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090"
}
],
"release_date": "2005-06-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat multiple content-length header poisioning"
},
{
"cve": "CVE-2005-3510",
"discovery_date": "2005-11-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "237085"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat DoS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2005-3510"
},
{
"category": "external",
"summary": "RHBZ#237085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237085"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2005-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-3510"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510"
}
],
"release_date": "2005-11-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat DoS"
},
{
"cve": "CVE-2006-3835",
"discovery_date": "2006-07-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "237084"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat directory listing issue",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is not a security issue in Tomcat itself, but is caused when directory listings are enabled.\n\nDetails on how to disable directory listings are available at: http://tomcat.apache.org/faq/misc.html#listing",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-3835"
},
{
"category": "external",
"summary": "RHBZ#237084",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237084"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-3835",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3835"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835"
}
],
"release_date": "2006-07-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat directory listing issue"
},
{
"cve": "CVE-2006-3918",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2006-07-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "200732"
}
],
"notes": [
{
"category": "description",
"text": "http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Expect header XSS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-3918"
},
{
"category": "external",
"summary": "RHBZ#200732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=200732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-3918",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3918"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3918",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3918"
}
],
"release_date": "2006-05-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Expect header XSS"
},
{
"cve": "CVE-2006-5752",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2007-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "245112"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform \"charset detection\" when the content-type is not specified.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd mod_status XSS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-5752"
},
{
"category": "external",
"summary": "RHBZ#245112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=245112"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-5752",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-5752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752"
}
],
"release_date": "2007-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd mod_status XSS"
},
{
"cve": "CVE-2007-0450",
"discovery_date": "2007-03-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "237080"
}
],
"notes": [
{
"category": "description",
"text": "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat directory traversal",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-0450"
},
{
"category": "external",
"summary": "RHBZ#237080",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237080"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0450"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450"
}
],
"release_date": "2007-03-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat directory traversal"
},
{
"cve": "CVE-2007-1349",
"discovery_date": "2007-05-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "240423"
}
],
"notes": [
{
"category": "description",
"text": "PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_perl PerlRun denial of service",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-1349"
},
{
"category": "external",
"summary": "RHBZ#240423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=240423"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-1349",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1349"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349"
}
],
"release_date": "2007-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mod_perl PerlRun denial of service"
},
{
"cve": "CVE-2007-1358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2007-04-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "244803"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\".",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat accept-language xss flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-1358"
},
{
"category": "external",
"summary": "RHBZ#244803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=244803"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-1358",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358"
}
],
"release_date": "2007-06-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat accept-language xss flaw"
},
{
"cve": "CVE-2007-1863",
"discovery_date": "2007-05-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "244658"
}
],
"notes": [
{
"category": "description",
"text": "cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd mod_cache segfault",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-1863"
},
{
"category": "external",
"summary": "RHBZ#244658",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=244658"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-1863",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1863"
}
],
"release_date": "2007-05-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd mod_cache segfault"
},
{
"cve": "CVE-2007-3304",
"discovery_date": "2007-06-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "245111"
}
],
"notes": [
{
"category": "description",
"text": "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd scoreboard lack of PID protection",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-3304"
},
{
"category": "external",
"summary": "RHBZ#245111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=245111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-3304",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3304"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304"
}
],
"release_date": "2007-06-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd scoreboard lack of PID protection"
},
{
"cve": "CVE-2007-3382",
"discovery_date": "2007-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "247972"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes (\"\u0027\") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat handling of cookies",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-3382"
},
{
"category": "external",
"summary": "RHBZ#247972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=247972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-3382",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3382"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382"
}
],
"release_date": "2007-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat handling of cookies"
},
{
"cve": "CVE-2007-3385",
"discovery_date": "2007-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "247976"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \\\" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat handling of cookie values",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-3385"
},
{
"category": "external",
"summary": "RHBZ#247976",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=247976"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-3385",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3385"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385"
}
],
"release_date": "2007-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat handling of cookie values"
},
{
"cve": "CVE-2007-3847",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2007-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "250731"
}
],
"notes": [
{
"category": "description",
"text": "The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: out of bounds read",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-3847"
},
{
"category": "external",
"summary": "RHBZ#250731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=250731"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-3847",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3847"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3847",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3847"
}
],
"release_date": "2007-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: out of bounds read"
},
{
"cve": "CVE-2007-4465",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2007-09-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "289511"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_autoindex XSS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the \"AddDefaultCharset\" directive and are using directory indexes. The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-4465"
},
{
"category": "external",
"summary": "RHBZ#289511",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-4465",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4465"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465"
}
],
"release_date": "2007-09-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "mod_autoindex XSS"
},
{
"cve": "CVE-2007-5000",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2007-12-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "419931"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_imagemap XSS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-5000"
},
{
"category": "external",
"summary": "RHBZ#419931",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-5000",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5000"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000"
}
],
"release_date": "2007-12-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_imagemap XSS"
},
{
"acknowledgments": [
{
"names": [
"Tavis Ormandy",
"Will Drewry"
]
}
],
"cve": "CVE-2007-5116",
"discovery_date": "2007-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "323571"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "perl regular expression UTF parsing errors",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-5116"
},
{
"category": "external",
"summary": "RHBZ#323571",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=323571"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-5116",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5116"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5116",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5116"
}
],
"release_date": "2007-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "perl regular expression UTF parsing errors"
},
{
"cve": "CVE-2007-5333",
"discovery_date": "2008-01-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "427766"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (\") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Improve cookie parsing for tomcat5",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5333\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-5333"
},
{
"category": "external",
"summary": "RHBZ#427766",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-5333",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333"
}
],
"release_date": "2008-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Improve cookie parsing for tomcat5"
},
{
"cve": "CVE-2007-5461",
"discovery_date": "2007-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "333791"
}
],
"notes": [
{
"category": "description",
"text": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Absolute path traversal Apache Tomcat WEBDAV",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-5461"
},
{
"category": "external",
"summary": "RHBZ#333791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-5461",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461"
}
],
"release_date": "2007-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Absolute path traversal Apache Tomcat WEBDAV"
},
{
"cve": "CVE-2007-6388",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "427228"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache mod_status cross-site scripting",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-6388"
},
{
"category": "external",
"summary": "RHBZ#427228",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-6388",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6388"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388"
}
],
"release_date": "2007-12-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache mod_status cross-site scripting"
},
{
"cve": "CVE-2008-0005",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "427739"
}
],
"notes": [
{
"category": "description",
"text": "mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_proxy_ftp XSS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-0005"
},
{
"category": "external",
"summary": "RHBZ#427739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-0005",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0005"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0005",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0005"
}
],
"release_date": "2008-01-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "mod_proxy_ftp XSS"
},
{
"cve": "CVE-2008-0128",
"discovery_date": "2008-01-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "429821"
}
],
"notes": [
{
"category": "description",
"text": "The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat5 SSO cookie login information disclosure",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-0128"
},
{
"category": "external",
"summary": "RHBZ#429821",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429821"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-0128",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0128"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128"
}
],
"release_date": "2006-12-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat5 SSO cookie login information disclosure"
},
{
"cve": "CVE-2008-1232",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457597"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Cross-Site-Scripting enabled by sendError call",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1232"
},
{
"category": "external",
"summary": "RHBZ#457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1232",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Cross-Site-Scripting enabled by sendError call"
},
{
"cve": "CVE-2008-1927",
"discovery_date": "2008-04-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "443928"
}
],
"notes": [
{
"category": "description",
"text": "Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "perl: heap corruption by regular expressions with utf8 characters",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1927"
},
{
"category": "external",
"summary": "RHBZ#443928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=443928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1927",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1927"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1927",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1927"
}
],
"release_date": "2007-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "perl: heap corruption by regular expressions with utf8 characters"
},
{
"cve": "CVE-2008-2364",
"discovery_date": "2008-05-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "451615"
}
],
"notes": [
{
"category": "description",
"text": "The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_http DoS via excessive interim responses from the origin server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-2364\n\nThe Red Hat Product Security has rated this issue as having moderate security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2364"
},
{
"category": "external",
"summary": "RHBZ#451615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=451615"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2364",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2364"
}
],
"release_date": "2008-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_proxy_http DoS via excessive interim responses from the origin server"
},
{
"cve": "CVE-2008-2370",
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457934"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat RequestDispatcher information disclosure vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2370"
},
{
"category": "external",
"summary": "RHBZ#457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2370",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat RequestDispatcher information disclosure vulnerability"
},
{
"cve": "CVE-2008-2939",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-08-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "458250"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_ftp globbing XSS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2939"
},
{
"category": "external",
"summary": "RHBZ#458250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=458250"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2939",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2939"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2939",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2939"
}
],
"release_date": "2008-08-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_proxy_ftp globbing XSS"
},
{
"cve": "CVE-2008-5515",
"discovery_date": "2009-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "504753"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat request dispatcher information disclosure vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-5515"
},
{
"category": "external",
"summary": "RHBZ#504753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-5515",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515"
}
],
"release_date": "2009-06-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat request dispatcher information disclosure vulnerability"
},
{
"cve": "CVE-2009-0023",
"discovery_date": "2009-06-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "503928"
}
],
"notes": [
{
"category": "description",
"text": "The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util heap buffer underwrite",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0023"
},
{
"category": "external",
"summary": "RHBZ#503928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0023",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0023"
}
],
"release_date": "2009-06-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util heap buffer underwrite"
},
{
"cve": "CVE-2009-0033",
"discovery_date": "2009-01-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "493381"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat6 Denial-Of-Service with AJP connection",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0033"
},
{
"category": "external",
"summary": "RHBZ#493381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0033",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033"
}
],
"release_date": "2009-06-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat6 Denial-Of-Service with AJP connection"
},
{
"cve": "CVE-2009-0580",
"discovery_date": "2009-06-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "503978"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat6 Information disclosure in authentication classes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0580"
},
{
"category": "external",
"summary": "RHBZ#503978",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0580",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580"
}
],
"release_date": "2009-06-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat6 Information disclosure in authentication classes"
},
{
"cve": "CVE-2009-1891",
"discovery_date": "2009-06-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "509125"
}
],
"notes": [
{
"category": "description",
"text": "The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: possible temporary DoS (CPU consumption) in mod_deflate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1891"
},
{
"category": "external",
"summary": "RHBZ#509125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1891",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1891"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1891",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1891"
}
],
"release_date": "2009-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: possible temporary DoS (CPU consumption) in mod_deflate"
},
{
"cve": "CVE-2009-1955",
"discovery_date": "2009-06-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "504555"
}
],
"notes": [
{
"category": "description",
"text": "The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util billion laughs attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1955"
},
{
"category": "external",
"summary": "RHBZ#504555",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504555"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1955",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1955"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1955",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1955"
}
],
"release_date": "2009-06-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util billion laughs attack"
},
{
"cve": "CVE-2009-1956",
"discovery_date": "2009-06-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "504390"
}
],
"notes": [
{
"category": "description",
"text": "Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util single NULL byte buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1956"
},
{
"category": "external",
"summary": "RHBZ#504390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1956",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1956"
}
],
"release_date": "2009-04-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util single NULL byte buffer overflow"
},
{
"cve": "CVE-2009-2412",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2009-07-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "515698"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-2412"
},
{
"category": "external",
"summary": "RHBZ#515698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-2412",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2412"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412"
}
],
"release_date": "2009-08-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management"
},
{
"cve": "CVE-2009-3094",
"discovery_date": "2009-09-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "521619"
}
],
"notes": [
{
"category": "description",
"text": "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3094"
},
{
"category": "external",
"summary": "RHBZ#521619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=521619"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3094",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3094"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3094",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3094"
}
],
"release_date": "2009-09-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply"
},
{
"cve": "CVE-2009-3095",
"discovery_date": "2009-09-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "522209"
}
],
"notes": [
{
"category": "description",
"text": "The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3095"
},
{
"category": "external",
"summary": "RHBZ#522209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=522209"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3095",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3095"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3095",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3095"
}
],
"release_date": "2009-09-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header"
},
{
"cve": "CVE-2009-4901",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2010-05-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "596426"
}
],
"notes": [
{
"category": "description",
"text": "The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4901"
},
{
"category": "external",
"summary": "RHBZ#596426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4901",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4901"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4901",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4901"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages"
},
{
"cve": "CVE-2010-0407",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2010-05-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "596426"
}
],
"notes": [
{
"category": "description",
"text": "Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0407"
},
{
"category": "external",
"summary": "RHBZ#596426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0407",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0407"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0407",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0407"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages"
},
{
"cve": "CVE-2010-0434",
"discovery_date": "2010-03-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "570171"
}
],
"notes": [
{
"category": "description",
"text": "The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: request header information leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0434"
},
{
"category": "external",
"summary": "RHBZ#570171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=570171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0434",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0434"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0434",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0434"
}
],
"release_date": "2009-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: request header information leak"
}
]
}
RHSA-2009:1204
Vulnerability from csaf_redhat
Published
2009-08-10 17:16
Modified
2024-11-22 03:25
Summary
Red Hat Security Advisory: apr and apr-util security update
Notes
Topic
Updated apr and apr-util packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
The Apache Portable Runtime (APR) is a portability library used by the
Apache HTTP Server and other projects. It aims to provide a free library
of C data structures and routines. apr-util is a utility library used with
APR. This library provides additional utility interfaces for APR; including
support for XML parsing, LDAP, database interfaces, URI parsing, and more.
Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in the way the Apache Portable Runtime (APR) manages memory pool
and relocatable memory allocations. An attacker could use these flaws to
issue a specially-crafted request for memory allocation, which would lead
to a denial of service (application crash) or, potentially, execute
arbitrary code with the privileges of an application using the APR
libraries. (CVE-2009-2412)
All apr and apr-util users should upgrade to these updated packages, which
contain backported patches to correct these issues. Applications using the
APR libraries, such as httpd, must be restarted for this update to take
effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated apr and apr-util packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "The Apache Portable Runtime (APR) is a portability library used by the\nApache HTTP Server and other projects. It aims to provide a free library\nof C data structures and routines. apr-util is a utility library used with\nAPR. This library provides additional utility interfaces for APR; including\nsupport for XML parsing, LDAP, database interfaces, URI parsing, and more.\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows,\nwere found in the way the Apache Portable Runtime (APR) manages memory pool\nand relocatable memory allocations. An attacker could use these flaws to\nissue a specially-crafted request for memory allocation, which would lead\nto a denial of service (application crash) or, potentially, execute\narbitrary code with the privileges of an application using the APR\nlibraries. (CVE-2009-2412)\n\nAll apr and apr-util users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. Applications using the\nAPR libraries, such as httpd, must be restarted for this update to take\neffect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2009:1204",
"url": "https://access.redhat.com/errata/RHSA-2009:1204"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "515698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1204.json"
}
],
"title": "Red Hat Security Advisory: apr and apr-util security update",
"tracking": {
"current_release_date": "2024-11-22T03:25:44+00:00",
"generator": {
"date": "2024-11-22T03:25:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2009:1204",
"initial_release_date": "2009-08-10T17:16:00+00:00",
"revision_history": [
{
"date": "2009-08-10T17:16:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2009-08-10T13:22:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T03:25:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client_workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"product": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"product_id": "apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@1.2.7-11.el5_3.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"product": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"product_id": "apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@1.2.7-11.el5_3.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-0:1.2.7-11.el5_3.1.x86_64",
"product": {
"name": "apr-0:1.2.7-11.el5_3.1.x86_64",
"product_id": "apr-0:1.2.7-11.el5_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@1.2.7-11.el5_3.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"product": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"product_id": "apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-docs@1.2.7-11.el5_3.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"product": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"product_id": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@1.2.7-7.el5_3.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"product": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"product_id": "apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@1.2.7-7.el5_3.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:1.2.7-7.el5_3.2.x86_64",
"product": {
"name": "apr-util-0:1.2.7-7.el5_3.2.x86_64",
"product_id": "apr-util-0:1.2.7-7.el5_3.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@1.2.7-7.el5_3.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"product": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"product_id": "apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-docs@1.2.7-7.el5_3.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-0:0.9.4-24.9.el4_8.2.x86_64",
"product": {
"name": "apr-0:0.9.4-24.9.el4_8.2.x86_64",
"product_id": "apr-0:0.9.4-24.9.el4_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@0.9.4-24.9.el4_8.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"product": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"product_id": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@0.9.4-24.9.el4_8.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"product": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"product_id": "apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@0.9.4-24.9.el4_8.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"product": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"product_id": "apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@0.9.4-22.el4_8.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:0.9.4-22.el4_8.2.x86_64",
"product": {
"name": "apr-util-0:0.9.4-22.el4_8.2.x86_64",
"product_id": "apr-util-0:0.9.4-22.el4_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@0.9.4-22.el4_8.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"product": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"product_id": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@0.9.4-22.el4_8.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "apr-devel-0:1.2.7-11.el5_3.1.i386",
"product": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.i386",
"product_id": "apr-devel-0:1.2.7-11.el5_3.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@1.2.7-11.el5_3.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"product": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"product_id": "apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@1.2.7-11.el5_3.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-0:1.2.7-11.el5_3.1.i386",
"product": {
"name": "apr-0:1.2.7-11.el5_3.1.i386",
"product_id": "apr-0:1.2.7-11.el5_3.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@1.2.7-11.el5_3.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-docs-0:1.2.7-11.el5_3.1.i386",
"product": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.i386",
"product_id": "apr-docs-0:1.2.7-11.el5_3.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-docs@1.2.7-11.el5_3.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"product": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"product_id": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@1.2.7-7.el5_3.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"product": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"product_id": "apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@1.2.7-7.el5_3.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:1.2.7-7.el5_3.2.i386",
"product": {
"name": "apr-util-0:1.2.7-7.el5_3.2.i386",
"product_id": "apr-util-0:1.2.7-7.el5_3.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@1.2.7-7.el5_3.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"product": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"product_id": "apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-docs@1.2.7-7.el5_3.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-0:0.9.4-24.9.el4_8.2.i386",
"product": {
"name": "apr-0:0.9.4-24.9.el4_8.2.i386",
"product_id": "apr-0:0.9.4-24.9.el4_8.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@0.9.4-24.9.el4_8.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"product": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"product_id": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@0.9.4-24.9.el4_8.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"product": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"product_id": "apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@0.9.4-24.9.el4_8.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"product": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"product_id": "apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@0.9.4-22.el4_8.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:0.9.4-22.el4_8.2.i386",
"product": {
"name": "apr-util-0:0.9.4-22.el4_8.2.i386",
"product_id": "apr-util-0:0.9.4-22.el4_8.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@0.9.4-22.el4_8.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"product": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"product_id": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@0.9.4-22.el4_8.2?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "apr-0:1.2.7-11.el5_3.1.src",
"product": {
"name": "apr-0:1.2.7-11.el5_3.1.src",
"product_id": "apr-0:1.2.7-11.el5_3.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@1.2.7-11.el5_3.1?arch=src"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:1.2.7-7.el5_3.2.src",
"product": {
"name": "apr-util-0:1.2.7-7.el5_3.2.src",
"product_id": "apr-util-0:1.2.7-7.el5_3.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@1.2.7-7.el5_3.2?arch=src"
}
}
},
{
"category": "product_version",
"name": "apr-0:0.9.4-24.9.el4_8.2.src",
"product": {
"name": "apr-0:0.9.4-24.9.el4_8.2.src",
"product_id": "apr-0:0.9.4-24.9.el4_8.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@0.9.4-24.9.el4_8.2?arch=src"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:0.9.4-22.el4_8.2.src",
"product": {
"name": "apr-util-0:0.9.4-22.el4_8.2.src",
"product_id": "apr-util-0:0.9.4-22.el4_8.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@0.9.4-22.el4_8.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "apr-devel-0:1.2.7-11.el5_3.1.ia64",
"product": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ia64",
"product_id": "apr-devel-0:1.2.7-11.el5_3.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@1.2.7-11.el5_3.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-0:1.2.7-11.el5_3.1.ia64",
"product": {
"name": "apr-0:1.2.7-11.el5_3.1.ia64",
"product_id": "apr-0:1.2.7-11.el5_3.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@1.2.7-11.el5_3.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-docs-0:1.2.7-11.el5_3.1.ia64",
"product": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.ia64",
"product_id": "apr-docs-0:1.2.7-11.el5_3.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-docs@1.2.7-11.el5_3.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"product": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"product_id": "apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@1.2.7-11.el5_3.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"product": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"product_id": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@1.2.7-7.el5_3.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:1.2.7-7.el5_3.2.ia64",
"product": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ia64",
"product_id": "apr-util-0:1.2.7-7.el5_3.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@1.2.7-7.el5_3.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"product": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"product_id": "apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@1.2.7-7.el5_3.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"product": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"product_id": "apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-docs@1.2.7-7.el5_3.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-0:0.9.4-24.9.el4_8.2.ia64",
"product": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ia64",
"product_id": "apr-0:0.9.4-24.9.el4_8.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@0.9.4-24.9.el4_8.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"product": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"product_id": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@0.9.4-24.9.el4_8.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"product": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"product_id": "apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@0.9.4-24.9.el4_8.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"product": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"product_id": "apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@0.9.4-22.el4_8.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:0.9.4-22.el4_8.2.ia64",
"product": {
"name": "apr-util-0:0.9.4-22.el4_8.2.ia64",
"product_id": "apr-util-0:0.9.4-22.el4_8.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@0.9.4-22.el4_8.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"product": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"product_id": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@0.9.4-22.el4_8.2?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"product": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"product_id": "apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@1.2.7-11.el5_3.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "apr-0:1.2.7-11.el5_3.1.ppc64",
"product": {
"name": "apr-0:1.2.7-11.el5_3.1.ppc64",
"product_id": "apr-0:1.2.7-11.el5_3.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@1.2.7-11.el5_3.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"product": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"product_id": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@1.2.7-11.el5_3.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"product": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"product_id": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@1.2.7-7.el5_3.2?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:1.2.7-7.el5_3.2.ppc64",
"product": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ppc64",
"product_id": "apr-util-0:1.2.7-7.el5_3.2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@1.2.7-7.el5_3.2?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"product": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"product_id": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@1.2.7-7.el5_3.2?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc64",
"product": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc64",
"product_id": "apr-0:0.9.4-24.9.el4_8.2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@0.9.4-24.9.el4_8.2?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"product": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"product_id": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@0.9.4-24.9.el4_8.2?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "apr-devel-0:1.2.7-11.el5_3.1.ppc",
"product": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ppc",
"product_id": "apr-devel-0:1.2.7-11.el5_3.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@1.2.7-11.el5_3.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-0:1.2.7-11.el5_3.1.ppc",
"product": {
"name": "apr-0:1.2.7-11.el5_3.1.ppc",
"product_id": "apr-0:1.2.7-11.el5_3.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@1.2.7-11.el5_3.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-docs-0:1.2.7-11.el5_3.1.ppc",
"product": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.ppc",
"product_id": "apr-docs-0:1.2.7-11.el5_3.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-docs@1.2.7-11.el5_3.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"product": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"product_id": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@1.2.7-11.el5_3.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"product": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"product_id": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@1.2.7-7.el5_3.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:1.2.7-7.el5_3.2.ppc",
"product": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ppc",
"product_id": "apr-util-0:1.2.7-7.el5_3.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@1.2.7-7.el5_3.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"product": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"product_id": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@1.2.7-7.el5_3.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"product": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"product_id": "apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-docs@1.2.7-7.el5_3.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc",
"product": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc",
"product_id": "apr-0:0.9.4-24.9.el4_8.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@0.9.4-24.9.el4_8.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"product": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"product_id": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@0.9.4-24.9.el4_8.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"product": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"product_id": "apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@0.9.4-24.9.el4_8.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"product": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"product_id": "apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@0.9.4-22.el4_8.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:0.9.4-22.el4_8.2.ppc",
"product": {
"name": "apr-util-0:0.9.4-22.el4_8.2.ppc",
"product_id": "apr-util-0:0.9.4-22.el4_8.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@0.9.4-22.el4_8.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"product": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"product_id": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@0.9.4-22.el4_8.2?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "apr-devel-0:1.2.7-11.el5_3.1.s390x",
"product": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.s390x",
"product_id": "apr-devel-0:1.2.7-11.el5_3.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@1.2.7-11.el5_3.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-0:1.2.7-11.el5_3.1.s390x",
"product": {
"name": "apr-0:1.2.7-11.el5_3.1.s390x",
"product_id": "apr-0:1.2.7-11.el5_3.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@1.2.7-11.el5_3.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-docs-0:1.2.7-11.el5_3.1.s390x",
"product": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.s390x",
"product_id": "apr-docs-0:1.2.7-11.el5_3.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-docs@1.2.7-11.el5_3.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"product": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"product_id": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@1.2.7-11.el5_3.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"product": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"product_id": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@1.2.7-7.el5_3.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:1.2.7-7.el5_3.2.s390x",
"product": {
"name": "apr-util-0:1.2.7-7.el5_3.2.s390x",
"product_id": "apr-util-0:1.2.7-7.el5_3.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@1.2.7-7.el5_3.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"product": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"product_id": "apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@1.2.7-7.el5_3.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"product": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"product_id": "apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-docs@1.2.7-7.el5_3.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-0:0.9.4-24.9.el4_8.2.s390x",
"product": {
"name": "apr-0:0.9.4-24.9.el4_8.2.s390x",
"product_id": "apr-0:0.9.4-24.9.el4_8.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@0.9.4-24.9.el4_8.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"product": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"product_id": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@0.9.4-24.9.el4_8.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"product": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"product_id": "apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@0.9.4-24.9.el4_8.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"product": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"product_id": "apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@0.9.4-22.el4_8.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:0.9.4-22.el4_8.2.s390x",
"product": {
"name": "apr-util-0:0.9.4-22.el4_8.2.s390x",
"product_id": "apr-util-0:0.9.4-22.el4_8.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@0.9.4-22.el4_8.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"product": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"product_id": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@0.9.4-22.el4_8.2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apr-devel-0:1.2.7-11.el5_3.1.s390",
"product": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.s390",
"product_id": "apr-devel-0:1.2.7-11.el5_3.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@1.2.7-11.el5_3.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "apr-0:1.2.7-11.el5_3.1.s390",
"product": {
"name": "apr-0:1.2.7-11.el5_3.1.s390",
"product_id": "apr-0:1.2.7-11.el5_3.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@1.2.7-11.el5_3.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"product": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"product_id": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@1.2.7-11.el5_3.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"product": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"product_id": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@1.2.7-7.el5_3.2?arch=s390"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:1.2.7-7.el5_3.2.s390",
"product": {
"name": "apr-util-0:1.2.7-7.el5_3.2.s390",
"product_id": "apr-util-0:1.2.7-7.el5_3.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@1.2.7-7.el5_3.2?arch=s390"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"product": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"product_id": "apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@1.2.7-7.el5_3.2?arch=s390"
}
}
},
{
"category": "product_version",
"name": "apr-0:0.9.4-24.9.el4_8.2.s390",
"product": {
"name": "apr-0:0.9.4-24.9.el4_8.2.s390",
"product_id": "apr-0:0.9.4-24.9.el4_8.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@0.9.4-24.9.el4_8.2?arch=s390"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"product": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"product_id": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@0.9.4-24.9.el4_8.2?arch=s390"
}
}
},
{
"category": "product_version",
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"product": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"product_id": "apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@0.9.4-24.9.el4_8.2?arch=s390"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"product": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"product_id": "apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@0.9.4-22.el4_8.2?arch=s390"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:0.9.4-22.el4_8.2.s390",
"product": {
"name": "apr-util-0:0.9.4-22.el4_8.2.s390",
"product_id": "apr-util-0:0.9.4-22.el4_8.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@0.9.4-22.el4_8.2?arch=s390"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"product": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"product_id": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@0.9.4-22.el4_8.2?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-0:0.9.4-24.9.el4_8.2.ppc64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ppc64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-0:0.9.4-24.9.el4_8.2.src"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-devel-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-devel-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-devel-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-devel-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-devel-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-0:0.9.4-22.el4_8.2.src"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-devel-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-devel-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-devel-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-devel-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-devel-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-0:0.9.4-24.9.el4_8.2.ppc64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ppc64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-0:0.9.4-24.9.el4_8.2.src"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-0:0.9.4-22.el4_8.2.src"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-0:0.9.4-24.9.el4_8.2.ppc64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ppc64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-0:0.9.4-24.9.el4_8.2.src"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-devel-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-devel-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-devel-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-devel-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-devel-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-0:0.9.4-22.el4_8.2.src"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-devel-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-devel-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-devel-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-devel-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-devel-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-0:0.9.4-24.9.el4_8.2.ppc64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ppc64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-0:0.9.4-24.9.el4_8.2.src"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-devel-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-devel-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-devel-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-devel-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-devel-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-0:0.9.4-22.el4_8.2.src"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-devel-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-devel-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-devel-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-devel-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-devel-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ppc64"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.ppc64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-0:1.2.7-11.el5_3.1.s390"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.s390",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-0:1.2.7-11.el5_3.1.src"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.src",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.s390"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ppc64"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.s390"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.s390",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ppc64"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.ppc64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.s390"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.s390",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.src"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.src",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.s390"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-0:1.2.7-11.el5_3.1.ppc64"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.ppc64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-0:1.2.7-11.el5_3.1.s390"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.s390",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-0:1.2.7-11.el5_3.1.src"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.src",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.s390"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-devel-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-devel-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-devel-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-devel-0:1.2.7-11.el5_3.1.ppc64"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-devel-0:1.2.7-11.el5_3.1.s390"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.s390",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-devel-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-devel-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-docs-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-docs-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-docs-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-docs-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-docs-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-0:1.2.7-7.el5_3.2.ppc64"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.ppc64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-0:1.2.7-7.el5_3.2.s390"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.s390",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-0:1.2.7-7.el5_3.2.src"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.src",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-devel-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-devel-0:1.2.7-7.el5_3.2.s390"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-devel-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-docs-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-docs-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-docs-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-docs-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-0:1.2.7-11.el5_3.1.ppc64"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.ppc64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.s390 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-0:1.2.7-11.el5_3.1.s390"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.s390",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-0:1.2.7-11.el5_3.1.src"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.s390"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-devel-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-devel-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-devel-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-devel-0:1.2.7-11.el5_3.1.ppc64"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.s390 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-devel-0:1.2.7-11.el5_3.1.s390"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.s390",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-devel-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-devel-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-docs-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-docs-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-docs-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-docs-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-docs-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-0:1.2.7-7.el5_3.2.ppc64"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.ppc64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.s390 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-0:1.2.7-7.el5_3.2.s390"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.s390",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-0:1.2.7-7.el5_3.2.src"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-devel-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.s390 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-devel-0:1.2.7-7.el5_3.2.s390"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-devel-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-docs-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-docs-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-docs-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-docs-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Server"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-2412",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2009-07-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "515698"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:apr-0:0.9.4-24.9.el4_8.2.i386",
"4AS:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4AS:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4AS:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4AS:apr-0:0.9.4-24.9.el4_8.2.s390",
"4AS:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4AS:apr-0:0.9.4-24.9.el4_8.2.src",
"4AS:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4AS:apr-util-0:0.9.4-22.el4_8.2.i386",
"4AS:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4AS:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4AS:apr-util-0:0.9.4-22.el4_8.2.s390",
"4AS:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4AS:apr-util-0:0.9.4-22.el4_8.2.src",
"4AS:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.i386",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.s390",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.src",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.i386",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.s390",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.src",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"4ES:apr-0:0.9.4-24.9.el4_8.2.i386",
"4ES:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4ES:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4ES:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4ES:apr-0:0.9.4-24.9.el4_8.2.s390",
"4ES:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4ES:apr-0:0.9.4-24.9.el4_8.2.src",
"4ES:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4ES:apr-util-0:0.9.4-22.el4_8.2.i386",
"4ES:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4ES:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4ES:apr-util-0:0.9.4-22.el4_8.2.s390",
"4ES:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4ES:apr-util-0:0.9.4-22.el4_8.2.src",
"4ES:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"4WS:apr-0:0.9.4-24.9.el4_8.2.i386",
"4WS:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4WS:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4WS:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4WS:apr-0:0.9.4-24.9.el4_8.2.s390",
"4WS:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4WS:apr-0:0.9.4-24.9.el4_8.2.src",
"4WS:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4WS:apr-util-0:0.9.4-22.el4_8.2.i386",
"4WS:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4WS:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4WS:apr-util-0:0.9.4-22.el4_8.2.s390",
"4WS:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4WS:apr-util-0:0.9.4-22.el4_8.2.src",
"4WS:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ppc64",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.s390",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.src",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.s390",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ppc64",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.s390",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.src",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.x86_64",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-0:1.2.7-11.el5_3.1.ppc64",
"5Client:apr-0:1.2.7-11.el5_3.1.s390",
"5Client:apr-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-0:1.2.7-11.el5_3.1.src",
"5Client:apr-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.s390",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-util-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-0:1.2.7-7.el5_3.2.ppc64",
"5Client:apr-util-0:1.2.7-7.el5_3.2.s390",
"5Client:apr-util-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-0:1.2.7-7.el5_3.2.src",
"5Client:apr-util-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-0:1.2.7-11.el5_3.1.ppc64",
"5Server:apr-0:1.2.7-11.el5_3.1.s390",
"5Server:apr-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-0:1.2.7-11.el5_3.1.src",
"5Server:apr-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.s390",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-util-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-0:1.2.7-7.el5_3.2.ppc64",
"5Server:apr-util-0:1.2.7-7.el5_3.2.s390",
"5Server:apr-util-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-0:1.2.7-7.el5_3.2.src",
"5Server:apr-util-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-2412"
},
{
"category": "external",
"summary": "RHBZ#515698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-2412",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2412"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412"
}
],
"release_date": "2009-08-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-08-10T17:16:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:apr-0:0.9.4-24.9.el4_8.2.i386",
"4AS:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4AS:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4AS:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4AS:apr-0:0.9.4-24.9.el4_8.2.s390",
"4AS:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4AS:apr-0:0.9.4-24.9.el4_8.2.src",
"4AS:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4AS:apr-util-0:0.9.4-22.el4_8.2.i386",
"4AS:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4AS:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4AS:apr-util-0:0.9.4-22.el4_8.2.s390",
"4AS:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4AS:apr-util-0:0.9.4-22.el4_8.2.src",
"4AS:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.i386",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.s390",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.src",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.i386",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.s390",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.src",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"4ES:apr-0:0.9.4-24.9.el4_8.2.i386",
"4ES:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4ES:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4ES:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4ES:apr-0:0.9.4-24.9.el4_8.2.s390",
"4ES:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4ES:apr-0:0.9.4-24.9.el4_8.2.src",
"4ES:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4ES:apr-util-0:0.9.4-22.el4_8.2.i386",
"4ES:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4ES:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4ES:apr-util-0:0.9.4-22.el4_8.2.s390",
"4ES:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4ES:apr-util-0:0.9.4-22.el4_8.2.src",
"4ES:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"4WS:apr-0:0.9.4-24.9.el4_8.2.i386",
"4WS:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4WS:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4WS:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4WS:apr-0:0.9.4-24.9.el4_8.2.s390",
"4WS:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4WS:apr-0:0.9.4-24.9.el4_8.2.src",
"4WS:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4WS:apr-util-0:0.9.4-22.el4_8.2.i386",
"4WS:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4WS:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4WS:apr-util-0:0.9.4-22.el4_8.2.s390",
"4WS:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4WS:apr-util-0:0.9.4-22.el4_8.2.src",
"4WS:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ppc64",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.s390",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.src",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.s390",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ppc64",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.s390",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.src",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.x86_64",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-0:1.2.7-11.el5_3.1.ppc64",
"5Client:apr-0:1.2.7-11.el5_3.1.s390",
"5Client:apr-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-0:1.2.7-11.el5_3.1.src",
"5Client:apr-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.s390",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-util-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-0:1.2.7-7.el5_3.2.ppc64",
"5Client:apr-util-0:1.2.7-7.el5_3.2.s390",
"5Client:apr-util-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-0:1.2.7-7.el5_3.2.src",
"5Client:apr-util-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-0:1.2.7-11.el5_3.1.ppc64",
"5Server:apr-0:1.2.7-11.el5_3.1.s390",
"5Server:apr-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-0:1.2.7-11.el5_3.1.src",
"5Server:apr-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.s390",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-util-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-0:1.2.7-7.el5_3.2.ppc64",
"5Server:apr-util-0:1.2.7-7.el5_3.2.s390",
"5Server:apr-util-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-0:1.2.7-7.el5_3.2.src",
"5Server:apr-util-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:1204"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:apr-0:0.9.4-24.9.el4_8.2.i386",
"4AS:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4AS:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4AS:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4AS:apr-0:0.9.4-24.9.el4_8.2.s390",
"4AS:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4AS:apr-0:0.9.4-24.9.el4_8.2.src",
"4AS:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4AS:apr-util-0:0.9.4-22.el4_8.2.i386",
"4AS:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4AS:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4AS:apr-util-0:0.9.4-22.el4_8.2.s390",
"4AS:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4AS:apr-util-0:0.9.4-22.el4_8.2.src",
"4AS:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.i386",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.s390",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.src",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.i386",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.s390",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.src",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"4ES:apr-0:0.9.4-24.9.el4_8.2.i386",
"4ES:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4ES:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4ES:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4ES:apr-0:0.9.4-24.9.el4_8.2.s390",
"4ES:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4ES:apr-0:0.9.4-24.9.el4_8.2.src",
"4ES:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4ES:apr-util-0:0.9.4-22.el4_8.2.i386",
"4ES:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4ES:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4ES:apr-util-0:0.9.4-22.el4_8.2.s390",
"4ES:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4ES:apr-util-0:0.9.4-22.el4_8.2.src",
"4ES:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"4WS:apr-0:0.9.4-24.9.el4_8.2.i386",
"4WS:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4WS:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4WS:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4WS:apr-0:0.9.4-24.9.el4_8.2.s390",
"4WS:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4WS:apr-0:0.9.4-24.9.el4_8.2.src",
"4WS:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4WS:apr-util-0:0.9.4-22.el4_8.2.i386",
"4WS:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4WS:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4WS:apr-util-0:0.9.4-22.el4_8.2.s390",
"4WS:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4WS:apr-util-0:0.9.4-22.el4_8.2.src",
"4WS:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ppc64",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.s390",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.src",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.s390",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ppc64",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.s390",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.src",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.x86_64",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-0:1.2.7-11.el5_3.1.ppc64",
"5Client:apr-0:1.2.7-11.el5_3.1.s390",
"5Client:apr-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-0:1.2.7-11.el5_3.1.src",
"5Client:apr-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.s390",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-util-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-0:1.2.7-7.el5_3.2.ppc64",
"5Client:apr-util-0:1.2.7-7.el5_3.2.s390",
"5Client:apr-util-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-0:1.2.7-7.el5_3.2.src",
"5Client:apr-util-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-0:1.2.7-11.el5_3.1.ppc64",
"5Server:apr-0:1.2.7-11.el5_3.1.s390",
"5Server:apr-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-0:1.2.7-11.el5_3.1.src",
"5Server:apr-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.s390",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-util-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-0:1.2.7-7.el5_3.2.ppc64",
"5Server:apr-util-0:1.2.7-7.el5_3.2.s390",
"5Server:apr-util-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-0:1.2.7-7.el5_3.2.src",
"5Server:apr-util-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management"
}
]
}
RHSA-2009:1205
Vulnerability from csaf_redhat
Published
2009-08-10 17:34
Modified
2024-11-22 03:25
Summary
Red Hat Security Advisory: httpd security and bug fix update
Notes
Topic
Updated httpd packages that fix multiple security issues and a bug are now
available for Red Hat Enterprise Linux 3.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
The Apache HTTP Server is a popular Web server. The httpd package shipped
with Red Hat Enterprise Linux 3 contains embedded copies of the Apache
Portable Runtime (APR) libraries, which provide a free library of C data
structures and routines, and also additional utility interfaces to support
XML parsing, LDAP, database interfaces, URI parsing, and more.
Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in the way the Apache Portable Runtime (APR) manages memory pool
and relocatable memory allocations. An attacker could use these flaws to
issue a specially-crafted request for memory allocation, which would lead
to a denial of service (application crash) or, potentially, execute
arbitrary code with the privileges of an application using the APR
libraries. (CVE-2009-2412)
A denial of service flaw was found in the Apache mod_deflate module. This
module continued to compress large files until compression was complete,
even if the network connection that requested the content was closed
before compression completed. This would cause mod_deflate to consume
large amounts of CPU if mod_deflate was enabled for a large file.
(CVE-2009-1891)
This update also fixes the following bug:
* in some cases the Content-Length header was dropped from HEAD responses.
This resulted in certain sites not working correctly with mod_proxy, such
as www.windowsupdate.com. (BZ#506016)
All httpd users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated httpd packages that fix multiple security issues and a bug are now\navailable for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "The Apache HTTP Server is a popular Web server. The httpd package shipped\nwith Red Hat Enterprise Linux 3 contains embedded copies of the Apache\nPortable Runtime (APR) libraries, which provide a free library of C data\nstructures and routines, and also additional utility interfaces to support\nXML parsing, LDAP, database interfaces, URI parsing, and more.\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows,\nwere found in the way the Apache Portable Runtime (APR) manages memory pool\nand relocatable memory allocations. An attacker could use these flaws to\nissue a specially-crafted request for memory allocation, which would lead\nto a denial of service (application crash) or, potentially, execute\narbitrary code with the privileges of an application using the APR\nlibraries. (CVE-2009-2412)\n\nA denial of service flaw was found in the Apache mod_deflate module. This\nmodule continued to compress large files until compression was complete,\neven if the network connection that requested the content was closed\nbefore compression completed. This would cause mod_deflate to consume\nlarge amounts of CPU if mod_deflate was enabled for a large file.\n(CVE-2009-1891)\n\nThis update also fixes the following bug:\n\n* in some cases the Content-Length header was dropped from HEAD responses.\nThis resulted in certain sites not working correctly with mod_proxy, such\nas www.windowsupdate.com. (BZ#506016)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2009:1205",
"url": "https://access.redhat.com/errata/RHSA-2009:1205"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "506016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=506016"
},
{
"category": "external",
"summary": "509125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125"
},
{
"category": "external",
"summary": "515698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1205.json"
}
],
"title": "Red Hat Security Advisory: httpd security and bug fix update",
"tracking": {
"current_release_date": "2024-11-22T03:25:49+00:00",
"generator": {
"date": "2024-11-22T03:25:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2009:1205",
"initial_release_date": "2009-08-10T17:34:00+00:00",
"revision_history": [
{
"date": "2009-08-10T17:34:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2009-08-10T13:40:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T03:25:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 3",
"product": {
"name": "Red Hat Enterprise Linux AS version 3",
"product_id": "3AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 3",
"product": {
"name": "Red Hat Desktop version 3",
"product_id": "3Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 3",
"product": {
"name": "Red Hat Enterprise Linux ES version 3",
"product_id": "3ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 3",
"product": {
"name": "Red Hat Enterprise Linux WS version 3",
"product_id": "3WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_ssl-1:2.0.46-75.ent.ia64",
"product": {
"name": "mod_ssl-1:2.0.46-75.ent.ia64",
"product_id": "mod_ssl-1:2.0.46-75.ent.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.0.46-75.ent?arch=ia64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.0.46-75.ent.ia64",
"product": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.ia64",
"product_id": "httpd-debuginfo-0:2.0.46-75.ent.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.46-75.ent?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.0.46-75.ent.ia64",
"product": {
"name": "httpd-0:2.0.46-75.ent.ia64",
"product_id": "httpd-0:2.0.46-75.ent.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.0.46-75.ent?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.0.46-75.ent.ia64",
"product": {
"name": "httpd-devel-0:2.0.46-75.ent.ia64",
"product_id": "httpd-devel-0:2.0.46-75.ent.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.0.46-75.ent?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_ssl-1:2.0.46-75.ent.x86_64",
"product": {
"name": "mod_ssl-1:2.0.46-75.ent.x86_64",
"product_id": "mod_ssl-1:2.0.46-75.ent.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.0.46-75.ent?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"product": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"product_id": "httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.46-75.ent?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.0.46-75.ent.x86_64",
"product": {
"name": "httpd-0:2.0.46-75.ent.x86_64",
"product_id": "httpd-0:2.0.46-75.ent.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.0.46-75.ent?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.0.46-75.ent.x86_64",
"product": {
"name": "httpd-devel-0:2.0.46-75.ent.x86_64",
"product_id": "httpd-devel-0:2.0.46-75.ent.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.0.46-75.ent?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_ssl-1:2.0.46-75.ent.i386",
"product": {
"name": "mod_ssl-1:2.0.46-75.ent.i386",
"product_id": "mod_ssl-1:2.0.46-75.ent.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.0.46-75.ent?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.0.46-75.ent.i386",
"product": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.i386",
"product_id": "httpd-debuginfo-0:2.0.46-75.ent.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.46-75.ent?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.0.46-75.ent.i386",
"product": {
"name": "httpd-0:2.0.46-75.ent.i386",
"product_id": "httpd-0:2.0.46-75.ent.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.0.46-75.ent?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.0.46-75.ent.i386",
"product": {
"name": "httpd-devel-0:2.0.46-75.ent.i386",
"product_id": "httpd-devel-0:2.0.46-75.ent.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.0.46-75.ent?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.0.46-75.ent.src",
"product": {
"name": "httpd-0:2.0.46-75.ent.src",
"product_id": "httpd-0:2.0.46-75.ent.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.0.46-75.ent?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_ssl-1:2.0.46-75.ent.ppc",
"product": {
"name": "mod_ssl-1:2.0.46-75.ent.ppc",
"product_id": "mod_ssl-1:2.0.46-75.ent.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.0.46-75.ent?arch=ppc\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.0.46-75.ent.ppc",
"product": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.ppc",
"product_id": "httpd-debuginfo-0:2.0.46-75.ent.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.46-75.ent?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.0.46-75.ent.ppc",
"product": {
"name": "httpd-0:2.0.46-75.ent.ppc",
"product_id": "httpd-0:2.0.46-75.ent.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.0.46-75.ent?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.0.46-75.ent.ppc",
"product": {
"name": "httpd-devel-0:2.0.46-75.ent.ppc",
"product_id": "httpd-devel-0:2.0.46-75.ent.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.0.46-75.ent?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_ssl-1:2.0.46-75.ent.s390x",
"product": {
"name": "mod_ssl-1:2.0.46-75.ent.s390x",
"product_id": "mod_ssl-1:2.0.46-75.ent.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.0.46-75.ent?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390x",
"product": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390x",
"product_id": "httpd-debuginfo-0:2.0.46-75.ent.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.46-75.ent?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.0.46-75.ent.s390x",
"product": {
"name": "httpd-0:2.0.46-75.ent.s390x",
"product_id": "httpd-0:2.0.46-75.ent.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.0.46-75.ent?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.0.46-75.ent.s390x",
"product": {
"name": "httpd-devel-0:2.0.46-75.ent.s390x",
"product_id": "httpd-devel-0:2.0.46-75.ent.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.0.46-75.ent?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_ssl-1:2.0.46-75.ent.s390",
"product": {
"name": "mod_ssl-1:2.0.46-75.ent.s390",
"product_id": "mod_ssl-1:2.0.46-75.ent.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.0.46-75.ent?arch=s390\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390",
"product": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390",
"product_id": "httpd-debuginfo-0:2.0.46-75.ent.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.46-75.ent?arch=s390"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.0.46-75.ent.s390",
"product": {
"name": "httpd-0:2.0.46-75.ent.s390",
"product_id": "httpd-0:2.0.46-75.ent.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.0.46-75.ent?arch=s390"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.0.46-75.ent.s390",
"product": {
"name": "httpd-devel-0:2.0.46-75.ent.s390",
"product_id": "httpd-devel-0:2.0.46-75.ent.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.0.46-75.ent?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.src as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-0:2.0.46-75.ent.src"
},
"product_reference": "httpd-0:2.0.46-75.ent.src",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-debuginfo-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-debuginfo-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-debuginfo-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-debuginfo-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-debuginfo-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-debuginfo-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-devel-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-devel-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-devel-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-devel-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-devel-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-devel-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:mod_ssl-1:2.0.46-75.ent.i386"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:mod_ssl-1:2.0.46-75.ent.ia64"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:mod_ssl-1:2.0.46-75.ent.ppc"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:mod_ssl-1:2.0.46-75.ent.s390"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:mod_ssl-1:2.0.46-75.ent.s390x"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:mod_ssl-1:2.0.46-75.ent.x86_64"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.src as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-0:2.0.46-75.ent.src"
},
"product_reference": "httpd-0:2.0.46-75.ent.src",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-debuginfo-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-debuginfo-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-devel-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-devel-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-devel-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-devel-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-devel-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-devel-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:mod_ssl-1:2.0.46-75.ent.i386"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:mod_ssl-1:2.0.46-75.ent.ia64"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:mod_ssl-1:2.0.46-75.ent.ppc"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:mod_ssl-1:2.0.46-75.ent.s390"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:mod_ssl-1:2.0.46-75.ent.s390x"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:mod_ssl-1:2.0.46-75.ent.x86_64"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.src as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-0:2.0.46-75.ent.src"
},
"product_reference": "httpd-0:2.0.46-75.ent.src",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-debuginfo-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-debuginfo-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-debuginfo-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-debuginfo-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-debuginfo-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-debuginfo-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-devel-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-devel-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-devel-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-devel-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-devel-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-devel-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:mod_ssl-1:2.0.46-75.ent.i386"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:mod_ssl-1:2.0.46-75.ent.ia64"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:mod_ssl-1:2.0.46-75.ent.ppc"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:mod_ssl-1:2.0.46-75.ent.s390"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:mod_ssl-1:2.0.46-75.ent.s390x"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:mod_ssl-1:2.0.46-75.ent.x86_64"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.src as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-0:2.0.46-75.ent.src"
},
"product_reference": "httpd-0:2.0.46-75.ent.src",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-debuginfo-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-debuginfo-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-debuginfo-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-debuginfo-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-debuginfo-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-debuginfo-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-devel-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-devel-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-devel-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-devel-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-devel-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-devel-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:mod_ssl-1:2.0.46-75.ent.i386"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:mod_ssl-1:2.0.46-75.ent.ia64"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:mod_ssl-1:2.0.46-75.ent.ppc"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:mod_ssl-1:2.0.46-75.ent.s390"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:mod_ssl-1:2.0.46-75.ent.s390x"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:mod_ssl-1:2.0.46-75.ent.x86_64"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3WS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-1891",
"discovery_date": "2009-06-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "509125"
}
],
"notes": [
{
"category": "description",
"text": "The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: possible temporary DoS (CPU consumption) in mod_deflate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS:httpd-0:2.0.46-75.ent.i386",
"3AS:httpd-0:2.0.46-75.ent.ia64",
"3AS:httpd-0:2.0.46-75.ent.ppc",
"3AS:httpd-0:2.0.46-75.ent.s390",
"3AS:httpd-0:2.0.46-75.ent.s390x",
"3AS:httpd-0:2.0.46-75.ent.src",
"3AS:httpd-0:2.0.46-75.ent.x86_64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3AS:httpd-devel-0:2.0.46-75.ent.i386",
"3AS:httpd-devel-0:2.0.46-75.ent.ia64",
"3AS:httpd-devel-0:2.0.46-75.ent.ppc",
"3AS:httpd-devel-0:2.0.46-75.ent.s390",
"3AS:httpd-devel-0:2.0.46-75.ent.s390x",
"3AS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3AS:mod_ssl-1:2.0.46-75.ent.i386",
"3AS:mod_ssl-1:2.0.46-75.ent.ia64",
"3AS:mod_ssl-1:2.0.46-75.ent.ppc",
"3AS:mod_ssl-1:2.0.46-75.ent.s390",
"3AS:mod_ssl-1:2.0.46-75.ent.s390x",
"3AS:mod_ssl-1:2.0.46-75.ent.x86_64",
"3Desktop:httpd-0:2.0.46-75.ent.i386",
"3Desktop:httpd-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-0:2.0.46-75.ent.s390",
"3Desktop:httpd-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-0:2.0.46-75.ent.src",
"3Desktop:httpd-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.i386",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-devel-0:2.0.46-75.ent.x86_64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.i386",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ia64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ppc",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390x",
"3Desktop:mod_ssl-1:2.0.46-75.ent.x86_64",
"3ES:httpd-0:2.0.46-75.ent.i386",
"3ES:httpd-0:2.0.46-75.ent.ia64",
"3ES:httpd-0:2.0.46-75.ent.ppc",
"3ES:httpd-0:2.0.46-75.ent.s390",
"3ES:httpd-0:2.0.46-75.ent.s390x",
"3ES:httpd-0:2.0.46-75.ent.src",
"3ES:httpd-0:2.0.46-75.ent.x86_64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3ES:httpd-devel-0:2.0.46-75.ent.i386",
"3ES:httpd-devel-0:2.0.46-75.ent.ia64",
"3ES:httpd-devel-0:2.0.46-75.ent.ppc",
"3ES:httpd-devel-0:2.0.46-75.ent.s390",
"3ES:httpd-devel-0:2.0.46-75.ent.s390x",
"3ES:httpd-devel-0:2.0.46-75.ent.x86_64",
"3ES:mod_ssl-1:2.0.46-75.ent.i386",
"3ES:mod_ssl-1:2.0.46-75.ent.ia64",
"3ES:mod_ssl-1:2.0.46-75.ent.ppc",
"3ES:mod_ssl-1:2.0.46-75.ent.s390",
"3ES:mod_ssl-1:2.0.46-75.ent.s390x",
"3ES:mod_ssl-1:2.0.46-75.ent.x86_64",
"3WS:httpd-0:2.0.46-75.ent.i386",
"3WS:httpd-0:2.0.46-75.ent.ia64",
"3WS:httpd-0:2.0.46-75.ent.ppc",
"3WS:httpd-0:2.0.46-75.ent.s390",
"3WS:httpd-0:2.0.46-75.ent.s390x",
"3WS:httpd-0:2.0.46-75.ent.src",
"3WS:httpd-0:2.0.46-75.ent.x86_64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3WS:httpd-devel-0:2.0.46-75.ent.i386",
"3WS:httpd-devel-0:2.0.46-75.ent.ia64",
"3WS:httpd-devel-0:2.0.46-75.ent.ppc",
"3WS:httpd-devel-0:2.0.46-75.ent.s390",
"3WS:httpd-devel-0:2.0.46-75.ent.s390x",
"3WS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3WS:mod_ssl-1:2.0.46-75.ent.i386",
"3WS:mod_ssl-1:2.0.46-75.ent.ia64",
"3WS:mod_ssl-1:2.0.46-75.ent.ppc",
"3WS:mod_ssl-1:2.0.46-75.ent.s390",
"3WS:mod_ssl-1:2.0.46-75.ent.s390x",
"3WS:mod_ssl-1:2.0.46-75.ent.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1891"
},
{
"category": "external",
"summary": "RHBZ#509125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1891",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1891"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1891",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1891"
}
],
"release_date": "2009-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-08-10T17:34:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS:httpd-0:2.0.46-75.ent.i386",
"3AS:httpd-0:2.0.46-75.ent.ia64",
"3AS:httpd-0:2.0.46-75.ent.ppc",
"3AS:httpd-0:2.0.46-75.ent.s390",
"3AS:httpd-0:2.0.46-75.ent.s390x",
"3AS:httpd-0:2.0.46-75.ent.src",
"3AS:httpd-0:2.0.46-75.ent.x86_64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3AS:httpd-devel-0:2.0.46-75.ent.i386",
"3AS:httpd-devel-0:2.0.46-75.ent.ia64",
"3AS:httpd-devel-0:2.0.46-75.ent.ppc",
"3AS:httpd-devel-0:2.0.46-75.ent.s390",
"3AS:httpd-devel-0:2.0.46-75.ent.s390x",
"3AS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3AS:mod_ssl-1:2.0.46-75.ent.i386",
"3AS:mod_ssl-1:2.0.46-75.ent.ia64",
"3AS:mod_ssl-1:2.0.46-75.ent.ppc",
"3AS:mod_ssl-1:2.0.46-75.ent.s390",
"3AS:mod_ssl-1:2.0.46-75.ent.s390x",
"3AS:mod_ssl-1:2.0.46-75.ent.x86_64",
"3Desktop:httpd-0:2.0.46-75.ent.i386",
"3Desktop:httpd-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-0:2.0.46-75.ent.s390",
"3Desktop:httpd-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-0:2.0.46-75.ent.src",
"3Desktop:httpd-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.i386",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-devel-0:2.0.46-75.ent.x86_64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.i386",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ia64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ppc",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390x",
"3Desktop:mod_ssl-1:2.0.46-75.ent.x86_64",
"3ES:httpd-0:2.0.46-75.ent.i386",
"3ES:httpd-0:2.0.46-75.ent.ia64",
"3ES:httpd-0:2.0.46-75.ent.ppc",
"3ES:httpd-0:2.0.46-75.ent.s390",
"3ES:httpd-0:2.0.46-75.ent.s390x",
"3ES:httpd-0:2.0.46-75.ent.src",
"3ES:httpd-0:2.0.46-75.ent.x86_64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3ES:httpd-devel-0:2.0.46-75.ent.i386",
"3ES:httpd-devel-0:2.0.46-75.ent.ia64",
"3ES:httpd-devel-0:2.0.46-75.ent.ppc",
"3ES:httpd-devel-0:2.0.46-75.ent.s390",
"3ES:httpd-devel-0:2.0.46-75.ent.s390x",
"3ES:httpd-devel-0:2.0.46-75.ent.x86_64",
"3ES:mod_ssl-1:2.0.46-75.ent.i386",
"3ES:mod_ssl-1:2.0.46-75.ent.ia64",
"3ES:mod_ssl-1:2.0.46-75.ent.ppc",
"3ES:mod_ssl-1:2.0.46-75.ent.s390",
"3ES:mod_ssl-1:2.0.46-75.ent.s390x",
"3ES:mod_ssl-1:2.0.46-75.ent.x86_64",
"3WS:httpd-0:2.0.46-75.ent.i386",
"3WS:httpd-0:2.0.46-75.ent.ia64",
"3WS:httpd-0:2.0.46-75.ent.ppc",
"3WS:httpd-0:2.0.46-75.ent.s390",
"3WS:httpd-0:2.0.46-75.ent.s390x",
"3WS:httpd-0:2.0.46-75.ent.src",
"3WS:httpd-0:2.0.46-75.ent.x86_64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3WS:httpd-devel-0:2.0.46-75.ent.i386",
"3WS:httpd-devel-0:2.0.46-75.ent.ia64",
"3WS:httpd-devel-0:2.0.46-75.ent.ppc",
"3WS:httpd-devel-0:2.0.46-75.ent.s390",
"3WS:httpd-devel-0:2.0.46-75.ent.s390x",
"3WS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3WS:mod_ssl-1:2.0.46-75.ent.i386",
"3WS:mod_ssl-1:2.0.46-75.ent.ia64",
"3WS:mod_ssl-1:2.0.46-75.ent.ppc",
"3WS:mod_ssl-1:2.0.46-75.ent.s390",
"3WS:mod_ssl-1:2.0.46-75.ent.s390x",
"3WS:mod_ssl-1:2.0.46-75.ent.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:1205"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"3AS:httpd-0:2.0.46-75.ent.i386",
"3AS:httpd-0:2.0.46-75.ent.ia64",
"3AS:httpd-0:2.0.46-75.ent.ppc",
"3AS:httpd-0:2.0.46-75.ent.s390",
"3AS:httpd-0:2.0.46-75.ent.s390x",
"3AS:httpd-0:2.0.46-75.ent.src",
"3AS:httpd-0:2.0.46-75.ent.x86_64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3AS:httpd-devel-0:2.0.46-75.ent.i386",
"3AS:httpd-devel-0:2.0.46-75.ent.ia64",
"3AS:httpd-devel-0:2.0.46-75.ent.ppc",
"3AS:httpd-devel-0:2.0.46-75.ent.s390",
"3AS:httpd-devel-0:2.0.46-75.ent.s390x",
"3AS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3AS:mod_ssl-1:2.0.46-75.ent.i386",
"3AS:mod_ssl-1:2.0.46-75.ent.ia64",
"3AS:mod_ssl-1:2.0.46-75.ent.ppc",
"3AS:mod_ssl-1:2.0.46-75.ent.s390",
"3AS:mod_ssl-1:2.0.46-75.ent.s390x",
"3AS:mod_ssl-1:2.0.46-75.ent.x86_64",
"3Desktop:httpd-0:2.0.46-75.ent.i386",
"3Desktop:httpd-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-0:2.0.46-75.ent.s390",
"3Desktop:httpd-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-0:2.0.46-75.ent.src",
"3Desktop:httpd-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.i386",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-devel-0:2.0.46-75.ent.x86_64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.i386",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ia64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ppc",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390x",
"3Desktop:mod_ssl-1:2.0.46-75.ent.x86_64",
"3ES:httpd-0:2.0.46-75.ent.i386",
"3ES:httpd-0:2.0.46-75.ent.ia64",
"3ES:httpd-0:2.0.46-75.ent.ppc",
"3ES:httpd-0:2.0.46-75.ent.s390",
"3ES:httpd-0:2.0.46-75.ent.s390x",
"3ES:httpd-0:2.0.46-75.ent.src",
"3ES:httpd-0:2.0.46-75.ent.x86_64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3ES:httpd-devel-0:2.0.46-75.ent.i386",
"3ES:httpd-devel-0:2.0.46-75.ent.ia64",
"3ES:httpd-devel-0:2.0.46-75.ent.ppc",
"3ES:httpd-devel-0:2.0.46-75.ent.s390",
"3ES:httpd-devel-0:2.0.46-75.ent.s390x",
"3ES:httpd-devel-0:2.0.46-75.ent.x86_64",
"3ES:mod_ssl-1:2.0.46-75.ent.i386",
"3ES:mod_ssl-1:2.0.46-75.ent.ia64",
"3ES:mod_ssl-1:2.0.46-75.ent.ppc",
"3ES:mod_ssl-1:2.0.46-75.ent.s390",
"3ES:mod_ssl-1:2.0.46-75.ent.s390x",
"3ES:mod_ssl-1:2.0.46-75.ent.x86_64",
"3WS:httpd-0:2.0.46-75.ent.i386",
"3WS:httpd-0:2.0.46-75.ent.ia64",
"3WS:httpd-0:2.0.46-75.ent.ppc",
"3WS:httpd-0:2.0.46-75.ent.s390",
"3WS:httpd-0:2.0.46-75.ent.s390x",
"3WS:httpd-0:2.0.46-75.ent.src",
"3WS:httpd-0:2.0.46-75.ent.x86_64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3WS:httpd-devel-0:2.0.46-75.ent.i386",
"3WS:httpd-devel-0:2.0.46-75.ent.ia64",
"3WS:httpd-devel-0:2.0.46-75.ent.ppc",
"3WS:httpd-devel-0:2.0.46-75.ent.s390",
"3WS:httpd-devel-0:2.0.46-75.ent.s390x",
"3WS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3WS:mod_ssl-1:2.0.46-75.ent.i386",
"3WS:mod_ssl-1:2.0.46-75.ent.ia64",
"3WS:mod_ssl-1:2.0.46-75.ent.ppc",
"3WS:mod_ssl-1:2.0.46-75.ent.s390",
"3WS:mod_ssl-1:2.0.46-75.ent.s390x",
"3WS:mod_ssl-1:2.0.46-75.ent.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: possible temporary DoS (CPU consumption) in mod_deflate"
},
{
"cve": "CVE-2009-2412",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2009-07-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "515698"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS:httpd-0:2.0.46-75.ent.i386",
"3AS:httpd-0:2.0.46-75.ent.ia64",
"3AS:httpd-0:2.0.46-75.ent.ppc",
"3AS:httpd-0:2.0.46-75.ent.s390",
"3AS:httpd-0:2.0.46-75.ent.s390x",
"3AS:httpd-0:2.0.46-75.ent.src",
"3AS:httpd-0:2.0.46-75.ent.x86_64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3AS:httpd-devel-0:2.0.46-75.ent.i386",
"3AS:httpd-devel-0:2.0.46-75.ent.ia64",
"3AS:httpd-devel-0:2.0.46-75.ent.ppc",
"3AS:httpd-devel-0:2.0.46-75.ent.s390",
"3AS:httpd-devel-0:2.0.46-75.ent.s390x",
"3AS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3AS:mod_ssl-1:2.0.46-75.ent.i386",
"3AS:mod_ssl-1:2.0.46-75.ent.ia64",
"3AS:mod_ssl-1:2.0.46-75.ent.ppc",
"3AS:mod_ssl-1:2.0.46-75.ent.s390",
"3AS:mod_ssl-1:2.0.46-75.ent.s390x",
"3AS:mod_ssl-1:2.0.46-75.ent.x86_64",
"3Desktop:httpd-0:2.0.46-75.ent.i386",
"3Desktop:httpd-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-0:2.0.46-75.ent.s390",
"3Desktop:httpd-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-0:2.0.46-75.ent.src",
"3Desktop:httpd-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.i386",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-devel-0:2.0.46-75.ent.x86_64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.i386",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ia64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ppc",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390x",
"3Desktop:mod_ssl-1:2.0.46-75.ent.x86_64",
"3ES:httpd-0:2.0.46-75.ent.i386",
"3ES:httpd-0:2.0.46-75.ent.ia64",
"3ES:httpd-0:2.0.46-75.ent.ppc",
"3ES:httpd-0:2.0.46-75.ent.s390",
"3ES:httpd-0:2.0.46-75.ent.s390x",
"3ES:httpd-0:2.0.46-75.ent.src",
"3ES:httpd-0:2.0.46-75.ent.x86_64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3ES:httpd-devel-0:2.0.46-75.ent.i386",
"3ES:httpd-devel-0:2.0.46-75.ent.ia64",
"3ES:httpd-devel-0:2.0.46-75.ent.ppc",
"3ES:httpd-devel-0:2.0.46-75.ent.s390",
"3ES:httpd-devel-0:2.0.46-75.ent.s390x",
"3ES:httpd-devel-0:2.0.46-75.ent.x86_64",
"3ES:mod_ssl-1:2.0.46-75.ent.i386",
"3ES:mod_ssl-1:2.0.46-75.ent.ia64",
"3ES:mod_ssl-1:2.0.46-75.ent.ppc",
"3ES:mod_ssl-1:2.0.46-75.ent.s390",
"3ES:mod_ssl-1:2.0.46-75.ent.s390x",
"3ES:mod_ssl-1:2.0.46-75.ent.x86_64",
"3WS:httpd-0:2.0.46-75.ent.i386",
"3WS:httpd-0:2.0.46-75.ent.ia64",
"3WS:httpd-0:2.0.46-75.ent.ppc",
"3WS:httpd-0:2.0.46-75.ent.s390",
"3WS:httpd-0:2.0.46-75.ent.s390x",
"3WS:httpd-0:2.0.46-75.ent.src",
"3WS:httpd-0:2.0.46-75.ent.x86_64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3WS:httpd-devel-0:2.0.46-75.ent.i386",
"3WS:httpd-devel-0:2.0.46-75.ent.ia64",
"3WS:httpd-devel-0:2.0.46-75.ent.ppc",
"3WS:httpd-devel-0:2.0.46-75.ent.s390",
"3WS:httpd-devel-0:2.0.46-75.ent.s390x",
"3WS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3WS:mod_ssl-1:2.0.46-75.ent.i386",
"3WS:mod_ssl-1:2.0.46-75.ent.ia64",
"3WS:mod_ssl-1:2.0.46-75.ent.ppc",
"3WS:mod_ssl-1:2.0.46-75.ent.s390",
"3WS:mod_ssl-1:2.0.46-75.ent.s390x",
"3WS:mod_ssl-1:2.0.46-75.ent.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-2412"
},
{
"category": "external",
"summary": "RHBZ#515698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-2412",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2412"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412"
}
],
"release_date": "2009-08-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-08-10T17:34:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS:httpd-0:2.0.46-75.ent.i386",
"3AS:httpd-0:2.0.46-75.ent.ia64",
"3AS:httpd-0:2.0.46-75.ent.ppc",
"3AS:httpd-0:2.0.46-75.ent.s390",
"3AS:httpd-0:2.0.46-75.ent.s390x",
"3AS:httpd-0:2.0.46-75.ent.src",
"3AS:httpd-0:2.0.46-75.ent.x86_64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3AS:httpd-devel-0:2.0.46-75.ent.i386",
"3AS:httpd-devel-0:2.0.46-75.ent.ia64",
"3AS:httpd-devel-0:2.0.46-75.ent.ppc",
"3AS:httpd-devel-0:2.0.46-75.ent.s390",
"3AS:httpd-devel-0:2.0.46-75.ent.s390x",
"3AS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3AS:mod_ssl-1:2.0.46-75.ent.i386",
"3AS:mod_ssl-1:2.0.46-75.ent.ia64",
"3AS:mod_ssl-1:2.0.46-75.ent.ppc",
"3AS:mod_ssl-1:2.0.46-75.ent.s390",
"3AS:mod_ssl-1:2.0.46-75.ent.s390x",
"3AS:mod_ssl-1:2.0.46-75.ent.x86_64",
"3Desktop:httpd-0:2.0.46-75.ent.i386",
"3Desktop:httpd-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-0:2.0.46-75.ent.s390",
"3Desktop:httpd-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-0:2.0.46-75.ent.src",
"3Desktop:httpd-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.i386",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-devel-0:2.0.46-75.ent.x86_64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.i386",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ia64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ppc",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390x",
"3Desktop:mod_ssl-1:2.0.46-75.ent.x86_64",
"3ES:httpd-0:2.0.46-75.ent.i386",
"3ES:httpd-0:2.0.46-75.ent.ia64",
"3ES:httpd-0:2.0.46-75.ent.ppc",
"3ES:httpd-0:2.0.46-75.ent.s390",
"3ES:httpd-0:2.0.46-75.ent.s390x",
"3ES:httpd-0:2.0.46-75.ent.src",
"3ES:httpd-0:2.0.46-75.ent.x86_64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3ES:httpd-devel-0:2.0.46-75.ent.i386",
"3ES:httpd-devel-0:2.0.46-75.ent.ia64",
"3ES:httpd-devel-0:2.0.46-75.ent.ppc",
"3ES:httpd-devel-0:2.0.46-75.ent.s390",
"3ES:httpd-devel-0:2.0.46-75.ent.s390x",
"3ES:httpd-devel-0:2.0.46-75.ent.x86_64",
"3ES:mod_ssl-1:2.0.46-75.ent.i386",
"3ES:mod_ssl-1:2.0.46-75.ent.ia64",
"3ES:mod_ssl-1:2.0.46-75.ent.ppc",
"3ES:mod_ssl-1:2.0.46-75.ent.s390",
"3ES:mod_ssl-1:2.0.46-75.ent.s390x",
"3ES:mod_ssl-1:2.0.46-75.ent.x86_64",
"3WS:httpd-0:2.0.46-75.ent.i386",
"3WS:httpd-0:2.0.46-75.ent.ia64",
"3WS:httpd-0:2.0.46-75.ent.ppc",
"3WS:httpd-0:2.0.46-75.ent.s390",
"3WS:httpd-0:2.0.46-75.ent.s390x",
"3WS:httpd-0:2.0.46-75.ent.src",
"3WS:httpd-0:2.0.46-75.ent.x86_64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3WS:httpd-devel-0:2.0.46-75.ent.i386",
"3WS:httpd-devel-0:2.0.46-75.ent.ia64",
"3WS:httpd-devel-0:2.0.46-75.ent.ppc",
"3WS:httpd-devel-0:2.0.46-75.ent.s390",
"3WS:httpd-devel-0:2.0.46-75.ent.s390x",
"3WS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3WS:mod_ssl-1:2.0.46-75.ent.i386",
"3WS:mod_ssl-1:2.0.46-75.ent.ia64",
"3WS:mod_ssl-1:2.0.46-75.ent.ppc",
"3WS:mod_ssl-1:2.0.46-75.ent.s390",
"3WS:mod_ssl-1:2.0.46-75.ent.s390x",
"3WS:mod_ssl-1:2.0.46-75.ent.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:1205"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS:httpd-0:2.0.46-75.ent.i386",
"3AS:httpd-0:2.0.46-75.ent.ia64",
"3AS:httpd-0:2.0.46-75.ent.ppc",
"3AS:httpd-0:2.0.46-75.ent.s390",
"3AS:httpd-0:2.0.46-75.ent.s390x",
"3AS:httpd-0:2.0.46-75.ent.src",
"3AS:httpd-0:2.0.46-75.ent.x86_64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3AS:httpd-devel-0:2.0.46-75.ent.i386",
"3AS:httpd-devel-0:2.0.46-75.ent.ia64",
"3AS:httpd-devel-0:2.0.46-75.ent.ppc",
"3AS:httpd-devel-0:2.0.46-75.ent.s390",
"3AS:httpd-devel-0:2.0.46-75.ent.s390x",
"3AS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3AS:mod_ssl-1:2.0.46-75.ent.i386",
"3AS:mod_ssl-1:2.0.46-75.ent.ia64",
"3AS:mod_ssl-1:2.0.46-75.ent.ppc",
"3AS:mod_ssl-1:2.0.46-75.ent.s390",
"3AS:mod_ssl-1:2.0.46-75.ent.s390x",
"3AS:mod_ssl-1:2.0.46-75.ent.x86_64",
"3Desktop:httpd-0:2.0.46-75.ent.i386",
"3Desktop:httpd-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-0:2.0.46-75.ent.s390",
"3Desktop:httpd-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-0:2.0.46-75.ent.src",
"3Desktop:httpd-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.i386",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-devel-0:2.0.46-75.ent.x86_64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.i386",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ia64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ppc",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390x",
"3Desktop:mod_ssl-1:2.0.46-75.ent.x86_64",
"3ES:httpd-0:2.0.46-75.ent.i386",
"3ES:httpd-0:2.0.46-75.ent.ia64",
"3ES:httpd-0:2.0.46-75.ent.ppc",
"3ES:httpd-0:2.0.46-75.ent.s390",
"3ES:httpd-0:2.0.46-75.ent.s390x",
"3ES:httpd-0:2.0.46-75.ent.src",
"3ES:httpd-0:2.0.46-75.ent.x86_64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3ES:httpd-devel-0:2.0.46-75.ent.i386",
"3ES:httpd-devel-0:2.0.46-75.ent.ia64",
"3ES:httpd-devel-0:2.0.46-75.ent.ppc",
"3ES:httpd-devel-0:2.0.46-75.ent.s390",
"3ES:httpd-devel-0:2.0.46-75.ent.s390x",
"3ES:httpd-devel-0:2.0.46-75.ent.x86_64",
"3ES:mod_ssl-1:2.0.46-75.ent.i386",
"3ES:mod_ssl-1:2.0.46-75.ent.ia64",
"3ES:mod_ssl-1:2.0.46-75.ent.ppc",
"3ES:mod_ssl-1:2.0.46-75.ent.s390",
"3ES:mod_ssl-1:2.0.46-75.ent.s390x",
"3ES:mod_ssl-1:2.0.46-75.ent.x86_64",
"3WS:httpd-0:2.0.46-75.ent.i386",
"3WS:httpd-0:2.0.46-75.ent.ia64",
"3WS:httpd-0:2.0.46-75.ent.ppc",
"3WS:httpd-0:2.0.46-75.ent.s390",
"3WS:httpd-0:2.0.46-75.ent.s390x",
"3WS:httpd-0:2.0.46-75.ent.src",
"3WS:httpd-0:2.0.46-75.ent.x86_64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3WS:httpd-devel-0:2.0.46-75.ent.i386",
"3WS:httpd-devel-0:2.0.46-75.ent.ia64",
"3WS:httpd-devel-0:2.0.46-75.ent.ppc",
"3WS:httpd-devel-0:2.0.46-75.ent.s390",
"3WS:httpd-devel-0:2.0.46-75.ent.s390x",
"3WS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3WS:mod_ssl-1:2.0.46-75.ent.i386",
"3WS:mod_ssl-1:2.0.46-75.ent.ia64",
"3WS:mod_ssl-1:2.0.46-75.ent.ppc",
"3WS:mod_ssl-1:2.0.46-75.ent.s390",
"3WS:mod_ssl-1:2.0.46-75.ent.s390x",
"3WS:mod_ssl-1:2.0.46-75.ent.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management"
}
]
}
rhsa-2009:1205
Vulnerability from csaf_redhat
Published
2009-08-10 17:34
Modified
2024-11-22 03:25
Summary
Red Hat Security Advisory: httpd security and bug fix update
Notes
Topic
Updated httpd packages that fix multiple security issues and a bug are now
available for Red Hat Enterprise Linux 3.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
The Apache HTTP Server is a popular Web server. The httpd package shipped
with Red Hat Enterprise Linux 3 contains embedded copies of the Apache
Portable Runtime (APR) libraries, which provide a free library of C data
structures and routines, and also additional utility interfaces to support
XML parsing, LDAP, database interfaces, URI parsing, and more.
Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in the way the Apache Portable Runtime (APR) manages memory pool
and relocatable memory allocations. An attacker could use these flaws to
issue a specially-crafted request for memory allocation, which would lead
to a denial of service (application crash) or, potentially, execute
arbitrary code with the privileges of an application using the APR
libraries. (CVE-2009-2412)
A denial of service flaw was found in the Apache mod_deflate module. This
module continued to compress large files until compression was complete,
even if the network connection that requested the content was closed
before compression completed. This would cause mod_deflate to consume
large amounts of CPU if mod_deflate was enabled for a large file.
(CVE-2009-1891)
This update also fixes the following bug:
* in some cases the Content-Length header was dropped from HEAD responses.
This resulted in certain sites not working correctly with mod_proxy, such
as www.windowsupdate.com. (BZ#506016)
All httpd users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated httpd packages that fix multiple security issues and a bug are now\navailable for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "The Apache HTTP Server is a popular Web server. The httpd package shipped\nwith Red Hat Enterprise Linux 3 contains embedded copies of the Apache\nPortable Runtime (APR) libraries, which provide a free library of C data\nstructures and routines, and also additional utility interfaces to support\nXML parsing, LDAP, database interfaces, URI parsing, and more.\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows,\nwere found in the way the Apache Portable Runtime (APR) manages memory pool\nand relocatable memory allocations. An attacker could use these flaws to\nissue a specially-crafted request for memory allocation, which would lead\nto a denial of service (application crash) or, potentially, execute\narbitrary code with the privileges of an application using the APR\nlibraries. (CVE-2009-2412)\n\nA denial of service flaw was found in the Apache mod_deflate module. This\nmodule continued to compress large files until compression was complete,\neven if the network connection that requested the content was closed\nbefore compression completed. This would cause mod_deflate to consume\nlarge amounts of CPU if mod_deflate was enabled for a large file.\n(CVE-2009-1891)\n\nThis update also fixes the following bug:\n\n* in some cases the Content-Length header was dropped from HEAD responses.\nThis resulted in certain sites not working correctly with mod_proxy, such\nas www.windowsupdate.com. (BZ#506016)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2009:1205",
"url": "https://access.redhat.com/errata/RHSA-2009:1205"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "506016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=506016"
},
{
"category": "external",
"summary": "509125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125"
},
{
"category": "external",
"summary": "515698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1205.json"
}
],
"title": "Red Hat Security Advisory: httpd security and bug fix update",
"tracking": {
"current_release_date": "2024-11-22T03:25:49+00:00",
"generator": {
"date": "2024-11-22T03:25:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2009:1205",
"initial_release_date": "2009-08-10T17:34:00+00:00",
"revision_history": [
{
"date": "2009-08-10T17:34:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2009-08-10T13:40:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T03:25:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 3",
"product": {
"name": "Red Hat Enterprise Linux AS version 3",
"product_id": "3AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 3",
"product": {
"name": "Red Hat Desktop version 3",
"product_id": "3Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 3",
"product": {
"name": "Red Hat Enterprise Linux ES version 3",
"product_id": "3ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 3",
"product": {
"name": "Red Hat Enterprise Linux WS version 3",
"product_id": "3WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_ssl-1:2.0.46-75.ent.ia64",
"product": {
"name": "mod_ssl-1:2.0.46-75.ent.ia64",
"product_id": "mod_ssl-1:2.0.46-75.ent.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.0.46-75.ent?arch=ia64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.0.46-75.ent.ia64",
"product": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.ia64",
"product_id": "httpd-debuginfo-0:2.0.46-75.ent.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.46-75.ent?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.0.46-75.ent.ia64",
"product": {
"name": "httpd-0:2.0.46-75.ent.ia64",
"product_id": "httpd-0:2.0.46-75.ent.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.0.46-75.ent?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.0.46-75.ent.ia64",
"product": {
"name": "httpd-devel-0:2.0.46-75.ent.ia64",
"product_id": "httpd-devel-0:2.0.46-75.ent.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.0.46-75.ent?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_ssl-1:2.0.46-75.ent.x86_64",
"product": {
"name": "mod_ssl-1:2.0.46-75.ent.x86_64",
"product_id": "mod_ssl-1:2.0.46-75.ent.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.0.46-75.ent?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"product": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"product_id": "httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.46-75.ent?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.0.46-75.ent.x86_64",
"product": {
"name": "httpd-0:2.0.46-75.ent.x86_64",
"product_id": "httpd-0:2.0.46-75.ent.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.0.46-75.ent?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.0.46-75.ent.x86_64",
"product": {
"name": "httpd-devel-0:2.0.46-75.ent.x86_64",
"product_id": "httpd-devel-0:2.0.46-75.ent.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.0.46-75.ent?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_ssl-1:2.0.46-75.ent.i386",
"product": {
"name": "mod_ssl-1:2.0.46-75.ent.i386",
"product_id": "mod_ssl-1:2.0.46-75.ent.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.0.46-75.ent?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.0.46-75.ent.i386",
"product": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.i386",
"product_id": "httpd-debuginfo-0:2.0.46-75.ent.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.46-75.ent?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.0.46-75.ent.i386",
"product": {
"name": "httpd-0:2.0.46-75.ent.i386",
"product_id": "httpd-0:2.0.46-75.ent.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.0.46-75.ent?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.0.46-75.ent.i386",
"product": {
"name": "httpd-devel-0:2.0.46-75.ent.i386",
"product_id": "httpd-devel-0:2.0.46-75.ent.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.0.46-75.ent?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.0.46-75.ent.src",
"product": {
"name": "httpd-0:2.0.46-75.ent.src",
"product_id": "httpd-0:2.0.46-75.ent.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.0.46-75.ent?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_ssl-1:2.0.46-75.ent.ppc",
"product": {
"name": "mod_ssl-1:2.0.46-75.ent.ppc",
"product_id": "mod_ssl-1:2.0.46-75.ent.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.0.46-75.ent?arch=ppc\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.0.46-75.ent.ppc",
"product": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.ppc",
"product_id": "httpd-debuginfo-0:2.0.46-75.ent.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.46-75.ent?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.0.46-75.ent.ppc",
"product": {
"name": "httpd-0:2.0.46-75.ent.ppc",
"product_id": "httpd-0:2.0.46-75.ent.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.0.46-75.ent?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.0.46-75.ent.ppc",
"product": {
"name": "httpd-devel-0:2.0.46-75.ent.ppc",
"product_id": "httpd-devel-0:2.0.46-75.ent.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.0.46-75.ent?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_ssl-1:2.0.46-75.ent.s390x",
"product": {
"name": "mod_ssl-1:2.0.46-75.ent.s390x",
"product_id": "mod_ssl-1:2.0.46-75.ent.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.0.46-75.ent?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390x",
"product": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390x",
"product_id": "httpd-debuginfo-0:2.0.46-75.ent.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.46-75.ent?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.0.46-75.ent.s390x",
"product": {
"name": "httpd-0:2.0.46-75.ent.s390x",
"product_id": "httpd-0:2.0.46-75.ent.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.0.46-75.ent?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.0.46-75.ent.s390x",
"product": {
"name": "httpd-devel-0:2.0.46-75.ent.s390x",
"product_id": "httpd-devel-0:2.0.46-75.ent.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.0.46-75.ent?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_ssl-1:2.0.46-75.ent.s390",
"product": {
"name": "mod_ssl-1:2.0.46-75.ent.s390",
"product_id": "mod_ssl-1:2.0.46-75.ent.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.0.46-75.ent?arch=s390\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390",
"product": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390",
"product_id": "httpd-debuginfo-0:2.0.46-75.ent.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.46-75.ent?arch=s390"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.0.46-75.ent.s390",
"product": {
"name": "httpd-0:2.0.46-75.ent.s390",
"product_id": "httpd-0:2.0.46-75.ent.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.0.46-75.ent?arch=s390"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.0.46-75.ent.s390",
"product": {
"name": "httpd-devel-0:2.0.46-75.ent.s390",
"product_id": "httpd-devel-0:2.0.46-75.ent.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.0.46-75.ent?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.src as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-0:2.0.46-75.ent.src"
},
"product_reference": "httpd-0:2.0.46-75.ent.src",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-debuginfo-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-debuginfo-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-debuginfo-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-debuginfo-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-debuginfo-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-debuginfo-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-devel-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-devel-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-devel-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-devel-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-devel-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:httpd-devel-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:mod_ssl-1:2.0.46-75.ent.i386"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:mod_ssl-1:2.0.46-75.ent.ia64"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:mod_ssl-1:2.0.46-75.ent.ppc"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:mod_ssl-1:2.0.46-75.ent.s390"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:mod_ssl-1:2.0.46-75.ent.s390x"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:mod_ssl-1:2.0.46-75.ent.x86_64"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.src as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-0:2.0.46-75.ent.src"
},
"product_reference": "httpd-0:2.0.46-75.ent.src",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-debuginfo-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-debuginfo-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-devel-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-devel-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-devel-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-devel-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-devel-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:httpd-devel-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:mod_ssl-1:2.0.46-75.ent.i386"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:mod_ssl-1:2.0.46-75.ent.ia64"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:mod_ssl-1:2.0.46-75.ent.ppc"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:mod_ssl-1:2.0.46-75.ent.s390"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:mod_ssl-1:2.0.46-75.ent.s390x"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:mod_ssl-1:2.0.46-75.ent.x86_64"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.src as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-0:2.0.46-75.ent.src"
},
"product_reference": "httpd-0:2.0.46-75.ent.src",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-debuginfo-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-debuginfo-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-debuginfo-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-debuginfo-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-debuginfo-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-debuginfo-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-devel-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-devel-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-devel-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-devel-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-devel-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:httpd-devel-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:mod_ssl-1:2.0.46-75.ent.i386"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:mod_ssl-1:2.0.46-75.ent.ia64"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:mod_ssl-1:2.0.46-75.ent.ppc"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:mod_ssl-1:2.0.46-75.ent.s390"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:mod_ssl-1:2.0.46-75.ent.s390x"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:mod_ssl-1:2.0.46-75.ent.x86_64"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.src as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-0:2.0.46-75.ent.src"
},
"product_reference": "httpd-0:2.0.46-75.ent.src",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-debuginfo-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-debuginfo-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-debuginfo-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-debuginfo-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-debuginfo-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-debuginfo-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-devel-0:2.0.46-75.ent.i386"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-devel-0:2.0.46-75.ent.ia64"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-devel-0:2.0.46-75.ent.ppc"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-devel-0:2.0.46-75.ent.s390"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-devel-0:2.0.46-75.ent.s390x"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:httpd-devel-0:2.0.46-75.ent.x86_64"
},
"product_reference": "httpd-devel-0:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:mod_ssl-1:2.0.46-75.ent.i386"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:mod_ssl-1:2.0.46-75.ent.ia64"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:mod_ssl-1:2.0.46-75.ent.ppc"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:mod_ssl-1:2.0.46-75.ent.s390"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:mod_ssl-1:2.0.46-75.ent.s390x"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.0.46-75.ent.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:mod_ssl-1:2.0.46-75.ent.x86_64"
},
"product_reference": "mod_ssl-1:2.0.46-75.ent.x86_64",
"relates_to_product_reference": "3WS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-1891",
"discovery_date": "2009-06-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "509125"
}
],
"notes": [
{
"category": "description",
"text": "The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: possible temporary DoS (CPU consumption) in mod_deflate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS:httpd-0:2.0.46-75.ent.i386",
"3AS:httpd-0:2.0.46-75.ent.ia64",
"3AS:httpd-0:2.0.46-75.ent.ppc",
"3AS:httpd-0:2.0.46-75.ent.s390",
"3AS:httpd-0:2.0.46-75.ent.s390x",
"3AS:httpd-0:2.0.46-75.ent.src",
"3AS:httpd-0:2.0.46-75.ent.x86_64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3AS:httpd-devel-0:2.0.46-75.ent.i386",
"3AS:httpd-devel-0:2.0.46-75.ent.ia64",
"3AS:httpd-devel-0:2.0.46-75.ent.ppc",
"3AS:httpd-devel-0:2.0.46-75.ent.s390",
"3AS:httpd-devel-0:2.0.46-75.ent.s390x",
"3AS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3AS:mod_ssl-1:2.0.46-75.ent.i386",
"3AS:mod_ssl-1:2.0.46-75.ent.ia64",
"3AS:mod_ssl-1:2.0.46-75.ent.ppc",
"3AS:mod_ssl-1:2.0.46-75.ent.s390",
"3AS:mod_ssl-1:2.0.46-75.ent.s390x",
"3AS:mod_ssl-1:2.0.46-75.ent.x86_64",
"3Desktop:httpd-0:2.0.46-75.ent.i386",
"3Desktop:httpd-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-0:2.0.46-75.ent.s390",
"3Desktop:httpd-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-0:2.0.46-75.ent.src",
"3Desktop:httpd-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.i386",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-devel-0:2.0.46-75.ent.x86_64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.i386",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ia64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ppc",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390x",
"3Desktop:mod_ssl-1:2.0.46-75.ent.x86_64",
"3ES:httpd-0:2.0.46-75.ent.i386",
"3ES:httpd-0:2.0.46-75.ent.ia64",
"3ES:httpd-0:2.0.46-75.ent.ppc",
"3ES:httpd-0:2.0.46-75.ent.s390",
"3ES:httpd-0:2.0.46-75.ent.s390x",
"3ES:httpd-0:2.0.46-75.ent.src",
"3ES:httpd-0:2.0.46-75.ent.x86_64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3ES:httpd-devel-0:2.0.46-75.ent.i386",
"3ES:httpd-devel-0:2.0.46-75.ent.ia64",
"3ES:httpd-devel-0:2.0.46-75.ent.ppc",
"3ES:httpd-devel-0:2.0.46-75.ent.s390",
"3ES:httpd-devel-0:2.0.46-75.ent.s390x",
"3ES:httpd-devel-0:2.0.46-75.ent.x86_64",
"3ES:mod_ssl-1:2.0.46-75.ent.i386",
"3ES:mod_ssl-1:2.0.46-75.ent.ia64",
"3ES:mod_ssl-1:2.0.46-75.ent.ppc",
"3ES:mod_ssl-1:2.0.46-75.ent.s390",
"3ES:mod_ssl-1:2.0.46-75.ent.s390x",
"3ES:mod_ssl-1:2.0.46-75.ent.x86_64",
"3WS:httpd-0:2.0.46-75.ent.i386",
"3WS:httpd-0:2.0.46-75.ent.ia64",
"3WS:httpd-0:2.0.46-75.ent.ppc",
"3WS:httpd-0:2.0.46-75.ent.s390",
"3WS:httpd-0:2.0.46-75.ent.s390x",
"3WS:httpd-0:2.0.46-75.ent.src",
"3WS:httpd-0:2.0.46-75.ent.x86_64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3WS:httpd-devel-0:2.0.46-75.ent.i386",
"3WS:httpd-devel-0:2.0.46-75.ent.ia64",
"3WS:httpd-devel-0:2.0.46-75.ent.ppc",
"3WS:httpd-devel-0:2.0.46-75.ent.s390",
"3WS:httpd-devel-0:2.0.46-75.ent.s390x",
"3WS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3WS:mod_ssl-1:2.0.46-75.ent.i386",
"3WS:mod_ssl-1:2.0.46-75.ent.ia64",
"3WS:mod_ssl-1:2.0.46-75.ent.ppc",
"3WS:mod_ssl-1:2.0.46-75.ent.s390",
"3WS:mod_ssl-1:2.0.46-75.ent.s390x",
"3WS:mod_ssl-1:2.0.46-75.ent.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1891"
},
{
"category": "external",
"summary": "RHBZ#509125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1891",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1891"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1891",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1891"
}
],
"release_date": "2009-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-08-10T17:34:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS:httpd-0:2.0.46-75.ent.i386",
"3AS:httpd-0:2.0.46-75.ent.ia64",
"3AS:httpd-0:2.0.46-75.ent.ppc",
"3AS:httpd-0:2.0.46-75.ent.s390",
"3AS:httpd-0:2.0.46-75.ent.s390x",
"3AS:httpd-0:2.0.46-75.ent.src",
"3AS:httpd-0:2.0.46-75.ent.x86_64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3AS:httpd-devel-0:2.0.46-75.ent.i386",
"3AS:httpd-devel-0:2.0.46-75.ent.ia64",
"3AS:httpd-devel-0:2.0.46-75.ent.ppc",
"3AS:httpd-devel-0:2.0.46-75.ent.s390",
"3AS:httpd-devel-0:2.0.46-75.ent.s390x",
"3AS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3AS:mod_ssl-1:2.0.46-75.ent.i386",
"3AS:mod_ssl-1:2.0.46-75.ent.ia64",
"3AS:mod_ssl-1:2.0.46-75.ent.ppc",
"3AS:mod_ssl-1:2.0.46-75.ent.s390",
"3AS:mod_ssl-1:2.0.46-75.ent.s390x",
"3AS:mod_ssl-1:2.0.46-75.ent.x86_64",
"3Desktop:httpd-0:2.0.46-75.ent.i386",
"3Desktop:httpd-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-0:2.0.46-75.ent.s390",
"3Desktop:httpd-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-0:2.0.46-75.ent.src",
"3Desktop:httpd-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.i386",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-devel-0:2.0.46-75.ent.x86_64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.i386",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ia64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ppc",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390x",
"3Desktop:mod_ssl-1:2.0.46-75.ent.x86_64",
"3ES:httpd-0:2.0.46-75.ent.i386",
"3ES:httpd-0:2.0.46-75.ent.ia64",
"3ES:httpd-0:2.0.46-75.ent.ppc",
"3ES:httpd-0:2.0.46-75.ent.s390",
"3ES:httpd-0:2.0.46-75.ent.s390x",
"3ES:httpd-0:2.0.46-75.ent.src",
"3ES:httpd-0:2.0.46-75.ent.x86_64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3ES:httpd-devel-0:2.0.46-75.ent.i386",
"3ES:httpd-devel-0:2.0.46-75.ent.ia64",
"3ES:httpd-devel-0:2.0.46-75.ent.ppc",
"3ES:httpd-devel-0:2.0.46-75.ent.s390",
"3ES:httpd-devel-0:2.0.46-75.ent.s390x",
"3ES:httpd-devel-0:2.0.46-75.ent.x86_64",
"3ES:mod_ssl-1:2.0.46-75.ent.i386",
"3ES:mod_ssl-1:2.0.46-75.ent.ia64",
"3ES:mod_ssl-1:2.0.46-75.ent.ppc",
"3ES:mod_ssl-1:2.0.46-75.ent.s390",
"3ES:mod_ssl-1:2.0.46-75.ent.s390x",
"3ES:mod_ssl-1:2.0.46-75.ent.x86_64",
"3WS:httpd-0:2.0.46-75.ent.i386",
"3WS:httpd-0:2.0.46-75.ent.ia64",
"3WS:httpd-0:2.0.46-75.ent.ppc",
"3WS:httpd-0:2.0.46-75.ent.s390",
"3WS:httpd-0:2.0.46-75.ent.s390x",
"3WS:httpd-0:2.0.46-75.ent.src",
"3WS:httpd-0:2.0.46-75.ent.x86_64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3WS:httpd-devel-0:2.0.46-75.ent.i386",
"3WS:httpd-devel-0:2.0.46-75.ent.ia64",
"3WS:httpd-devel-0:2.0.46-75.ent.ppc",
"3WS:httpd-devel-0:2.0.46-75.ent.s390",
"3WS:httpd-devel-0:2.0.46-75.ent.s390x",
"3WS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3WS:mod_ssl-1:2.0.46-75.ent.i386",
"3WS:mod_ssl-1:2.0.46-75.ent.ia64",
"3WS:mod_ssl-1:2.0.46-75.ent.ppc",
"3WS:mod_ssl-1:2.0.46-75.ent.s390",
"3WS:mod_ssl-1:2.0.46-75.ent.s390x",
"3WS:mod_ssl-1:2.0.46-75.ent.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:1205"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"3AS:httpd-0:2.0.46-75.ent.i386",
"3AS:httpd-0:2.0.46-75.ent.ia64",
"3AS:httpd-0:2.0.46-75.ent.ppc",
"3AS:httpd-0:2.0.46-75.ent.s390",
"3AS:httpd-0:2.0.46-75.ent.s390x",
"3AS:httpd-0:2.0.46-75.ent.src",
"3AS:httpd-0:2.0.46-75.ent.x86_64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3AS:httpd-devel-0:2.0.46-75.ent.i386",
"3AS:httpd-devel-0:2.0.46-75.ent.ia64",
"3AS:httpd-devel-0:2.0.46-75.ent.ppc",
"3AS:httpd-devel-0:2.0.46-75.ent.s390",
"3AS:httpd-devel-0:2.0.46-75.ent.s390x",
"3AS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3AS:mod_ssl-1:2.0.46-75.ent.i386",
"3AS:mod_ssl-1:2.0.46-75.ent.ia64",
"3AS:mod_ssl-1:2.0.46-75.ent.ppc",
"3AS:mod_ssl-1:2.0.46-75.ent.s390",
"3AS:mod_ssl-1:2.0.46-75.ent.s390x",
"3AS:mod_ssl-1:2.0.46-75.ent.x86_64",
"3Desktop:httpd-0:2.0.46-75.ent.i386",
"3Desktop:httpd-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-0:2.0.46-75.ent.s390",
"3Desktop:httpd-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-0:2.0.46-75.ent.src",
"3Desktop:httpd-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.i386",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-devel-0:2.0.46-75.ent.x86_64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.i386",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ia64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ppc",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390x",
"3Desktop:mod_ssl-1:2.0.46-75.ent.x86_64",
"3ES:httpd-0:2.0.46-75.ent.i386",
"3ES:httpd-0:2.0.46-75.ent.ia64",
"3ES:httpd-0:2.0.46-75.ent.ppc",
"3ES:httpd-0:2.0.46-75.ent.s390",
"3ES:httpd-0:2.0.46-75.ent.s390x",
"3ES:httpd-0:2.0.46-75.ent.src",
"3ES:httpd-0:2.0.46-75.ent.x86_64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3ES:httpd-devel-0:2.0.46-75.ent.i386",
"3ES:httpd-devel-0:2.0.46-75.ent.ia64",
"3ES:httpd-devel-0:2.0.46-75.ent.ppc",
"3ES:httpd-devel-0:2.0.46-75.ent.s390",
"3ES:httpd-devel-0:2.0.46-75.ent.s390x",
"3ES:httpd-devel-0:2.0.46-75.ent.x86_64",
"3ES:mod_ssl-1:2.0.46-75.ent.i386",
"3ES:mod_ssl-1:2.0.46-75.ent.ia64",
"3ES:mod_ssl-1:2.0.46-75.ent.ppc",
"3ES:mod_ssl-1:2.0.46-75.ent.s390",
"3ES:mod_ssl-1:2.0.46-75.ent.s390x",
"3ES:mod_ssl-1:2.0.46-75.ent.x86_64",
"3WS:httpd-0:2.0.46-75.ent.i386",
"3WS:httpd-0:2.0.46-75.ent.ia64",
"3WS:httpd-0:2.0.46-75.ent.ppc",
"3WS:httpd-0:2.0.46-75.ent.s390",
"3WS:httpd-0:2.0.46-75.ent.s390x",
"3WS:httpd-0:2.0.46-75.ent.src",
"3WS:httpd-0:2.0.46-75.ent.x86_64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3WS:httpd-devel-0:2.0.46-75.ent.i386",
"3WS:httpd-devel-0:2.0.46-75.ent.ia64",
"3WS:httpd-devel-0:2.0.46-75.ent.ppc",
"3WS:httpd-devel-0:2.0.46-75.ent.s390",
"3WS:httpd-devel-0:2.0.46-75.ent.s390x",
"3WS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3WS:mod_ssl-1:2.0.46-75.ent.i386",
"3WS:mod_ssl-1:2.0.46-75.ent.ia64",
"3WS:mod_ssl-1:2.0.46-75.ent.ppc",
"3WS:mod_ssl-1:2.0.46-75.ent.s390",
"3WS:mod_ssl-1:2.0.46-75.ent.s390x",
"3WS:mod_ssl-1:2.0.46-75.ent.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: possible temporary DoS (CPU consumption) in mod_deflate"
},
{
"cve": "CVE-2009-2412",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2009-07-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "515698"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS:httpd-0:2.0.46-75.ent.i386",
"3AS:httpd-0:2.0.46-75.ent.ia64",
"3AS:httpd-0:2.0.46-75.ent.ppc",
"3AS:httpd-0:2.0.46-75.ent.s390",
"3AS:httpd-0:2.0.46-75.ent.s390x",
"3AS:httpd-0:2.0.46-75.ent.src",
"3AS:httpd-0:2.0.46-75.ent.x86_64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3AS:httpd-devel-0:2.0.46-75.ent.i386",
"3AS:httpd-devel-0:2.0.46-75.ent.ia64",
"3AS:httpd-devel-0:2.0.46-75.ent.ppc",
"3AS:httpd-devel-0:2.0.46-75.ent.s390",
"3AS:httpd-devel-0:2.0.46-75.ent.s390x",
"3AS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3AS:mod_ssl-1:2.0.46-75.ent.i386",
"3AS:mod_ssl-1:2.0.46-75.ent.ia64",
"3AS:mod_ssl-1:2.0.46-75.ent.ppc",
"3AS:mod_ssl-1:2.0.46-75.ent.s390",
"3AS:mod_ssl-1:2.0.46-75.ent.s390x",
"3AS:mod_ssl-1:2.0.46-75.ent.x86_64",
"3Desktop:httpd-0:2.0.46-75.ent.i386",
"3Desktop:httpd-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-0:2.0.46-75.ent.s390",
"3Desktop:httpd-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-0:2.0.46-75.ent.src",
"3Desktop:httpd-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.i386",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-devel-0:2.0.46-75.ent.x86_64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.i386",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ia64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ppc",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390x",
"3Desktop:mod_ssl-1:2.0.46-75.ent.x86_64",
"3ES:httpd-0:2.0.46-75.ent.i386",
"3ES:httpd-0:2.0.46-75.ent.ia64",
"3ES:httpd-0:2.0.46-75.ent.ppc",
"3ES:httpd-0:2.0.46-75.ent.s390",
"3ES:httpd-0:2.0.46-75.ent.s390x",
"3ES:httpd-0:2.0.46-75.ent.src",
"3ES:httpd-0:2.0.46-75.ent.x86_64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3ES:httpd-devel-0:2.0.46-75.ent.i386",
"3ES:httpd-devel-0:2.0.46-75.ent.ia64",
"3ES:httpd-devel-0:2.0.46-75.ent.ppc",
"3ES:httpd-devel-0:2.0.46-75.ent.s390",
"3ES:httpd-devel-0:2.0.46-75.ent.s390x",
"3ES:httpd-devel-0:2.0.46-75.ent.x86_64",
"3ES:mod_ssl-1:2.0.46-75.ent.i386",
"3ES:mod_ssl-1:2.0.46-75.ent.ia64",
"3ES:mod_ssl-1:2.0.46-75.ent.ppc",
"3ES:mod_ssl-1:2.0.46-75.ent.s390",
"3ES:mod_ssl-1:2.0.46-75.ent.s390x",
"3ES:mod_ssl-1:2.0.46-75.ent.x86_64",
"3WS:httpd-0:2.0.46-75.ent.i386",
"3WS:httpd-0:2.0.46-75.ent.ia64",
"3WS:httpd-0:2.0.46-75.ent.ppc",
"3WS:httpd-0:2.0.46-75.ent.s390",
"3WS:httpd-0:2.0.46-75.ent.s390x",
"3WS:httpd-0:2.0.46-75.ent.src",
"3WS:httpd-0:2.0.46-75.ent.x86_64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3WS:httpd-devel-0:2.0.46-75.ent.i386",
"3WS:httpd-devel-0:2.0.46-75.ent.ia64",
"3WS:httpd-devel-0:2.0.46-75.ent.ppc",
"3WS:httpd-devel-0:2.0.46-75.ent.s390",
"3WS:httpd-devel-0:2.0.46-75.ent.s390x",
"3WS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3WS:mod_ssl-1:2.0.46-75.ent.i386",
"3WS:mod_ssl-1:2.0.46-75.ent.ia64",
"3WS:mod_ssl-1:2.0.46-75.ent.ppc",
"3WS:mod_ssl-1:2.0.46-75.ent.s390",
"3WS:mod_ssl-1:2.0.46-75.ent.s390x",
"3WS:mod_ssl-1:2.0.46-75.ent.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-2412"
},
{
"category": "external",
"summary": "RHBZ#515698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-2412",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2412"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412"
}
],
"release_date": "2009-08-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-08-10T17:34:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS:httpd-0:2.0.46-75.ent.i386",
"3AS:httpd-0:2.0.46-75.ent.ia64",
"3AS:httpd-0:2.0.46-75.ent.ppc",
"3AS:httpd-0:2.0.46-75.ent.s390",
"3AS:httpd-0:2.0.46-75.ent.s390x",
"3AS:httpd-0:2.0.46-75.ent.src",
"3AS:httpd-0:2.0.46-75.ent.x86_64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3AS:httpd-devel-0:2.0.46-75.ent.i386",
"3AS:httpd-devel-0:2.0.46-75.ent.ia64",
"3AS:httpd-devel-0:2.0.46-75.ent.ppc",
"3AS:httpd-devel-0:2.0.46-75.ent.s390",
"3AS:httpd-devel-0:2.0.46-75.ent.s390x",
"3AS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3AS:mod_ssl-1:2.0.46-75.ent.i386",
"3AS:mod_ssl-1:2.0.46-75.ent.ia64",
"3AS:mod_ssl-1:2.0.46-75.ent.ppc",
"3AS:mod_ssl-1:2.0.46-75.ent.s390",
"3AS:mod_ssl-1:2.0.46-75.ent.s390x",
"3AS:mod_ssl-1:2.0.46-75.ent.x86_64",
"3Desktop:httpd-0:2.0.46-75.ent.i386",
"3Desktop:httpd-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-0:2.0.46-75.ent.s390",
"3Desktop:httpd-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-0:2.0.46-75.ent.src",
"3Desktop:httpd-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.i386",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-devel-0:2.0.46-75.ent.x86_64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.i386",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ia64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ppc",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390x",
"3Desktop:mod_ssl-1:2.0.46-75.ent.x86_64",
"3ES:httpd-0:2.0.46-75.ent.i386",
"3ES:httpd-0:2.0.46-75.ent.ia64",
"3ES:httpd-0:2.0.46-75.ent.ppc",
"3ES:httpd-0:2.0.46-75.ent.s390",
"3ES:httpd-0:2.0.46-75.ent.s390x",
"3ES:httpd-0:2.0.46-75.ent.src",
"3ES:httpd-0:2.0.46-75.ent.x86_64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3ES:httpd-devel-0:2.0.46-75.ent.i386",
"3ES:httpd-devel-0:2.0.46-75.ent.ia64",
"3ES:httpd-devel-0:2.0.46-75.ent.ppc",
"3ES:httpd-devel-0:2.0.46-75.ent.s390",
"3ES:httpd-devel-0:2.0.46-75.ent.s390x",
"3ES:httpd-devel-0:2.0.46-75.ent.x86_64",
"3ES:mod_ssl-1:2.0.46-75.ent.i386",
"3ES:mod_ssl-1:2.0.46-75.ent.ia64",
"3ES:mod_ssl-1:2.0.46-75.ent.ppc",
"3ES:mod_ssl-1:2.0.46-75.ent.s390",
"3ES:mod_ssl-1:2.0.46-75.ent.s390x",
"3ES:mod_ssl-1:2.0.46-75.ent.x86_64",
"3WS:httpd-0:2.0.46-75.ent.i386",
"3WS:httpd-0:2.0.46-75.ent.ia64",
"3WS:httpd-0:2.0.46-75.ent.ppc",
"3WS:httpd-0:2.0.46-75.ent.s390",
"3WS:httpd-0:2.0.46-75.ent.s390x",
"3WS:httpd-0:2.0.46-75.ent.src",
"3WS:httpd-0:2.0.46-75.ent.x86_64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3WS:httpd-devel-0:2.0.46-75.ent.i386",
"3WS:httpd-devel-0:2.0.46-75.ent.ia64",
"3WS:httpd-devel-0:2.0.46-75.ent.ppc",
"3WS:httpd-devel-0:2.0.46-75.ent.s390",
"3WS:httpd-devel-0:2.0.46-75.ent.s390x",
"3WS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3WS:mod_ssl-1:2.0.46-75.ent.i386",
"3WS:mod_ssl-1:2.0.46-75.ent.ia64",
"3WS:mod_ssl-1:2.0.46-75.ent.ppc",
"3WS:mod_ssl-1:2.0.46-75.ent.s390",
"3WS:mod_ssl-1:2.0.46-75.ent.s390x",
"3WS:mod_ssl-1:2.0.46-75.ent.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:1205"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS:httpd-0:2.0.46-75.ent.i386",
"3AS:httpd-0:2.0.46-75.ent.ia64",
"3AS:httpd-0:2.0.46-75.ent.ppc",
"3AS:httpd-0:2.0.46-75.ent.s390",
"3AS:httpd-0:2.0.46-75.ent.s390x",
"3AS:httpd-0:2.0.46-75.ent.src",
"3AS:httpd-0:2.0.46-75.ent.x86_64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3AS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3AS:httpd-devel-0:2.0.46-75.ent.i386",
"3AS:httpd-devel-0:2.0.46-75.ent.ia64",
"3AS:httpd-devel-0:2.0.46-75.ent.ppc",
"3AS:httpd-devel-0:2.0.46-75.ent.s390",
"3AS:httpd-devel-0:2.0.46-75.ent.s390x",
"3AS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3AS:mod_ssl-1:2.0.46-75.ent.i386",
"3AS:mod_ssl-1:2.0.46-75.ent.ia64",
"3AS:mod_ssl-1:2.0.46-75.ent.ppc",
"3AS:mod_ssl-1:2.0.46-75.ent.s390",
"3AS:mod_ssl-1:2.0.46-75.ent.s390x",
"3AS:mod_ssl-1:2.0.46-75.ent.x86_64",
"3Desktop:httpd-0:2.0.46-75.ent.i386",
"3Desktop:httpd-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-0:2.0.46-75.ent.s390",
"3Desktop:httpd-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-0:2.0.46-75.ent.src",
"3Desktop:httpd-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.i386",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ia64",
"3Desktop:httpd-devel-0:2.0.46-75.ent.ppc",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390",
"3Desktop:httpd-devel-0:2.0.46-75.ent.s390x",
"3Desktop:httpd-devel-0:2.0.46-75.ent.x86_64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.i386",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ia64",
"3Desktop:mod_ssl-1:2.0.46-75.ent.ppc",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390",
"3Desktop:mod_ssl-1:2.0.46-75.ent.s390x",
"3Desktop:mod_ssl-1:2.0.46-75.ent.x86_64",
"3ES:httpd-0:2.0.46-75.ent.i386",
"3ES:httpd-0:2.0.46-75.ent.ia64",
"3ES:httpd-0:2.0.46-75.ent.ppc",
"3ES:httpd-0:2.0.46-75.ent.s390",
"3ES:httpd-0:2.0.46-75.ent.s390x",
"3ES:httpd-0:2.0.46-75.ent.src",
"3ES:httpd-0:2.0.46-75.ent.x86_64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3ES:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3ES:httpd-devel-0:2.0.46-75.ent.i386",
"3ES:httpd-devel-0:2.0.46-75.ent.ia64",
"3ES:httpd-devel-0:2.0.46-75.ent.ppc",
"3ES:httpd-devel-0:2.0.46-75.ent.s390",
"3ES:httpd-devel-0:2.0.46-75.ent.s390x",
"3ES:httpd-devel-0:2.0.46-75.ent.x86_64",
"3ES:mod_ssl-1:2.0.46-75.ent.i386",
"3ES:mod_ssl-1:2.0.46-75.ent.ia64",
"3ES:mod_ssl-1:2.0.46-75.ent.ppc",
"3ES:mod_ssl-1:2.0.46-75.ent.s390",
"3ES:mod_ssl-1:2.0.46-75.ent.s390x",
"3ES:mod_ssl-1:2.0.46-75.ent.x86_64",
"3WS:httpd-0:2.0.46-75.ent.i386",
"3WS:httpd-0:2.0.46-75.ent.ia64",
"3WS:httpd-0:2.0.46-75.ent.ppc",
"3WS:httpd-0:2.0.46-75.ent.s390",
"3WS:httpd-0:2.0.46-75.ent.s390x",
"3WS:httpd-0:2.0.46-75.ent.src",
"3WS:httpd-0:2.0.46-75.ent.x86_64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.i386",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ia64",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.ppc",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.s390x",
"3WS:httpd-debuginfo-0:2.0.46-75.ent.x86_64",
"3WS:httpd-devel-0:2.0.46-75.ent.i386",
"3WS:httpd-devel-0:2.0.46-75.ent.ia64",
"3WS:httpd-devel-0:2.0.46-75.ent.ppc",
"3WS:httpd-devel-0:2.0.46-75.ent.s390",
"3WS:httpd-devel-0:2.0.46-75.ent.s390x",
"3WS:httpd-devel-0:2.0.46-75.ent.x86_64",
"3WS:mod_ssl-1:2.0.46-75.ent.i386",
"3WS:mod_ssl-1:2.0.46-75.ent.ia64",
"3WS:mod_ssl-1:2.0.46-75.ent.ppc",
"3WS:mod_ssl-1:2.0.46-75.ent.s390",
"3WS:mod_ssl-1:2.0.46-75.ent.s390x",
"3WS:mod_ssl-1:2.0.46-75.ent.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management"
}
]
}
rhsa-2009:1462
Vulnerability from csaf_redhat
Published
2009-09-24 15:17
Modified
2024-11-22 03:26
Summary
Red Hat Security Advisory: httpd22 security update
Notes
Topic
Updated httpd22 packages that fix multiple security issues are now
available for JBoss Enterprise Web Server 1.0.0 for Red Hat Enterprise
Linux 4.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
The Apache HTTP Server is a popular Web server. The httpd22 packages
shipped with JBoss Enterprise Web Server 1.0.0 for Red Hat Enterprise Linux
4 contain embedded copies of the Apache Portable Runtime (APR) libraries,
which provide a free library of C data structures and routines, and also
additional utility interfaces to support XML parsing, LDAP, database
interfaces, URI parsing, and more.
Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in the way the Apache Portable Runtime (APR) manages memory pool
and relocatable memory allocations. An attacker could use these flaws to
issue a specially-crafted request for memory allocation, which would lead
to a denial of service (application crash) or, potentially, execute
arbitrary code with the privileges of an application using the APR
libraries. (CVE-2009-2412)
All users of JBoss Enterprise Web Server 1.0.0 should upgrade to these
updated packages, which contain backported patches to correct these issues.
After installing the updated packages, the httpd daemon must be restarted
for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated httpd22 packages that fix multiple security issues are now\navailable for JBoss Enterprise Web Server 1.0.0 for Red Hat Enterprise\nLinux 4.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "The Apache HTTP Server is a popular Web server. The httpd22 packages\nshipped with JBoss Enterprise Web Server 1.0.0 for Red Hat Enterprise Linux\n4 contain embedded copies of the Apache Portable Runtime (APR) libraries,\nwhich provide a free library of C data structures and routines, and also\nadditional utility interfaces to support XML parsing, LDAP, database\ninterfaces, URI parsing, and more.\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows,\nwere found in the way the Apache Portable Runtime (APR) manages memory pool\nand relocatable memory allocations. An attacker could use these flaws to\nissue a specially-crafted request for memory allocation, which would lead\nto a denial of service (application crash) or, potentially, execute\narbitrary code with the privileges of an application using the APR\nlibraries. (CVE-2009-2412)\n\nAll users of JBoss Enterprise Web Server 1.0.0 should upgrade to these\nupdated packages, which contain backported patches to correct these issues.\nAfter installing the updated packages, the httpd daemon must be restarted\nfor the update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2009:1462",
"url": "https://access.redhat.com/errata/RHSA-2009:1462"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "515698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1462.json"
}
],
"title": "Red Hat Security Advisory: httpd22 security update",
"tracking": {
"current_release_date": "2024-11-22T03:26:02+00:00",
"generator": {
"date": "2024-11-22T03:26:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2009:1462",
"initial_release_date": "2009-09-24T15:17:00+00:00",
"revision_history": [
{
"date": "2009-09-24T15:17:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2009-09-24T11:17:04+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T03:26:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product": {
"name": "Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el4"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product": {
"name": "Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el4"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64",
"product": {
"name": "mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64",
"product_id": "mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl22@2.2.10-24.1.ep5.el4?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"product": {
"name": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"product_id": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-apr-devel@2.2.10-24.1.ep5.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"product": {
"name": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"product_id": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-apr-util-devel@2.2.10-24.1.ep5.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64",
"product": {
"name": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64",
"product_id": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-apr-util@2.2.10-24.1.ep5.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64",
"product": {
"name": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64",
"product_id": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-debuginfo@2.2.10-24.1.ep5.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64",
"product": {
"name": "httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64",
"product_id": "httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-apr@2.2.10-24.1.ep5.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"product": {
"name": "httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"product_id": "httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-devel@2.2.10-24.1.ep5.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd22-0:2.2.10-24.1.ep5.el4.x86_64",
"product": {
"name": "httpd22-0:2.2.10-24.1.ep5.el4.x86_64",
"product_id": "httpd22-0:2.2.10-24.1.ep5.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22@2.2.10-24.1.ep5.el4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_ssl22-1:2.2.10-24.1.ep5.el4.i386",
"product": {
"name": "mod_ssl22-1:2.2.10-24.1.ep5.el4.i386",
"product_id": "mod_ssl22-1:2.2.10-24.1.ep5.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl22@2.2.10-24.1.ep5.el4?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386",
"product": {
"name": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386",
"product_id": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-apr-devel@2.2.10-24.1.ep5.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386",
"product": {
"name": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386",
"product_id": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-apr-util-devel@2.2.10-24.1.ep5.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386",
"product": {
"name": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386",
"product_id": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-apr-util@2.2.10-24.1.ep5.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386",
"product": {
"name": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386",
"product_id": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-debuginfo@2.2.10-24.1.ep5.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd22-apr-0:2.2.10-24.1.ep5.el4.i386",
"product": {
"name": "httpd22-apr-0:2.2.10-24.1.ep5.el4.i386",
"product_id": "httpd22-apr-0:2.2.10-24.1.ep5.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-apr@2.2.10-24.1.ep5.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd22-devel-0:2.2.10-24.1.ep5.el4.i386",
"product": {
"name": "httpd22-devel-0:2.2.10-24.1.ep5.el4.i386",
"product_id": "httpd22-devel-0:2.2.10-24.1.ep5.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-devel@2.2.10-24.1.ep5.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd22-0:2.2.10-24.1.ep5.el4.i386",
"product": {
"name": "httpd22-0:2.2.10-24.1.ep5.el4.i386",
"product_id": "httpd22-0:2.2.10-24.1.ep5.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22@2.2.10-24.1.ep5.el4?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd22-0:2.2.10-24.1.ep5.el4.src",
"product": {
"name": "httpd22-0:2.2.10-24.1.ep5.el4.src",
"product_id": "httpd22-0:2.2.10-24.1.ep5.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22@2.2.10-24.1.ep5.el4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-0:2.2.10-24.1.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.src"
},
"product_reference": "httpd22-0:2.2.10-24.1.ep5.el4.src",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-apr-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-devel-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-devel-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl22-1:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "mod_ssl22-1:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-0:2.2.10-24.1.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.src"
},
"product_reference": "httpd22-0:2.2.10-24.1.ep5.el4.src",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-apr-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-devel-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-devel-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl22-1:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "mod_ssl22-1:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-2412",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2009-07-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "515698"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.src",
"4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.src",
"4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-2412"
},
{
"category": "external",
"summary": "RHBZ#515698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-2412",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2412"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412"
}
],
"release_date": "2009-08-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-09-24T15:17:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.src",
"4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.src",
"4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:1462"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.src",
"4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.src",
"4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management"
}
]
}
rhsa-2010_0602
Vulnerability from csaf_redhat
Published
2010-08-04 21:30
Modified
2024-12-15 18:14
Summary
Red Hat Security Advisory: Red Hat Certificate System 7.3 security update
Notes
Topic
Updated packages that fix multiple security issues and rebase various
components are now available for Red Hat Certificate System 7.3.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat Certificate System (RHCS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
Multiple buffer overflow flaws were discovered in the way the pcscd daemon,
a resource manager that coordinates communications with smart card readers
and smart cards connected to the system, handled client requests. A local
user could create a specially-crafted request that would cause the pcscd
daemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407,
CVE-2009-4901)
This erratum updates the Tomcat component shipped as part of Red Hat
Certificate System to version 5.5.23, to address multiple security issues.
In a typical operating environment, Tomcat is not exposed to users of
Certificate System in a vulnerable manner. These security updates will
reduce risk in unique Certificate System environments. (CVE-2005-2090,
CVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382,
CVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232,
CVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580)
This erratum provides updated versions of the following components,
required by the updated Tomcat version: ant, avalon-logkit, axis,
classpathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler,
log4j, mx4j, xerces-j2, and xml-commons.
A number of components have been updated to fix security issues for users
of Red Hat Certificate System for the Solaris operating system. These fixes
are for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023,
CVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues
CVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847,
CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364,
CVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and
CVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116
and CVE-2008-1927.
Note: Updated apr, apr-util, httpd, mod_perl, and perl packages were
previously available to users of Red Hat Certificate System for Red Hat
Enterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat
Network.
Additionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,
rhpki-java-tools, and rhpki-native-tools packages were updated to address
some anomalous behavior on the Solaris operating system. (BZ#600513,
BZ#605760)
As well, this update provides an updated rhpki-manage package, which
includes installation and uninstall scripts for Red Hat Certificate System
that have been updated with the list of packages required by the Tomcat
component, and an updated dependency on the NSS and NSPR packages.
All users of Red Hat Certificate System are advised to upgrade to these
updated packages, which correct these issues. Refer to the Red Hat
Certificate System Administration Guide, linked to in the References, for
details on how to install the updated packages on the Solaris operating
system. After installing this update, all Red Hat Certificate System
subsystems must be restarted ("/etc/init.d/[instance-name] restart") for
the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated packages that fix multiple security issues and rebase various\ncomponents are now available for Red Hat Certificate System 7.3.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Certificate System (RHCS) is an enterprise software system designed\nto manage enterprise Public Key Infrastructure (PKI) deployments.\n\nMultiple buffer overflow flaws were discovered in the way the pcscd daemon,\na resource manager that coordinates communications with smart card readers\nand smart cards connected to the system, handled client requests. A local\nuser could create a specially-crafted request that would cause the pcscd\ndaemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407,\nCVE-2009-4901)\n\nThis erratum updates the Tomcat component shipped as part of Red Hat\nCertificate System to version 5.5.23, to address multiple security issues.\nIn a typical operating environment, Tomcat is not exposed to users of\nCertificate System in a vulnerable manner. These security updates will\nreduce risk in unique Certificate System environments. (CVE-2005-2090,\nCVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382,\nCVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232,\nCVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580)\n\nThis erratum provides updated versions of the following components,\nrequired by the updated Tomcat version: ant, avalon-logkit, axis,\nclasspathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler,\nlog4j, mx4j, xerces-j2, and xml-commons.\n\nA number of components have been updated to fix security issues for users\nof Red Hat Certificate System for the Solaris operating system. These fixes\nare for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023,\nCVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues\nCVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847,\nCVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364,\nCVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and\nCVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116\nand CVE-2008-1927.\n\nNote: Updated apr, apr-util, httpd, mod_perl, and perl packages were\npreviously available to users of Red Hat Certificate System for Red Hat\nEnterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat\nNetwork.\n\nAdditionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,\nrhpki-java-tools, and rhpki-native-tools packages were updated to address\nsome anomalous behavior on the Solaris operating system. (BZ#600513,\nBZ#605760)\n\nAs well, this update provides an updated rhpki-manage package, which\nincludes installation and uninstall scripts for Red Hat Certificate System\nthat have been updated with the list of packages required by the Tomcat\ncomponent, and an updated dependency on the NSS and NSPR packages.\n\nAll users of Red Hat Certificate System are advised to upgrade to these\nupdated packages, which correct these issues. Refer to the Red Hat\nCertificate System Administration Guide, linked to in the References, for\ndetails on how to install the updated packages on the Solaris operating\nsystem. After installing this update, all Red Hat Certificate System\nsubsystems must be restarted (\"/etc/init.d/[instance-name] restart\") for\nthe update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0602",
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
},
{
"category": "external",
"summary": "http://www.redhat.com/security/updates/classification/#moderate",
"url": "http://www.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html",
"url": "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html"
},
{
"category": "external",
"summary": "200732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=200732"
},
{
"category": "external",
"summary": "237079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237079"
},
{
"category": "external",
"summary": "237080",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237080"
},
{
"category": "external",
"summary": "237084",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237084"
},
{
"category": "external",
"summary": "237085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237085"
},
{
"category": "external",
"summary": "240423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=240423"
},
{
"category": "external",
"summary": "244658",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=244658"
},
{
"category": "external",
"summary": "244803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=244803"
},
{
"category": "external",
"summary": "245111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=245111"
},
{
"category": "external",
"summary": "245112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=245112"
},
{
"category": "external",
"summary": "247972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=247972"
},
{
"category": "external",
"summary": "247976",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=247976"
},
{
"category": "external",
"summary": "250731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=250731"
},
{
"category": "external",
"summary": "289511",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511"
},
{
"category": "external",
"summary": "323571",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=323571"
},
{
"category": "external",
"summary": "333791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
},
{
"category": "external",
"summary": "419931",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931"
},
{
"category": "external",
"summary": "427228",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228"
},
{
"category": "external",
"summary": "427739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427739"
},
{
"category": "external",
"summary": "427766",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766"
},
{
"category": "external",
"summary": "429821",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429821"
},
{
"category": "external",
"summary": "443928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=443928"
},
{
"category": "external",
"summary": "451615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=451615"
},
{
"category": "external",
"summary": "457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "external",
"summary": "458250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=458250"
},
{
"category": "external",
"summary": "493381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381"
},
{
"category": "external",
"summary": "503928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928"
},
{
"category": "external",
"summary": "503978",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
},
{
"category": "external",
"summary": "504390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504390"
},
{
"category": "external",
"summary": "504555",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504555"
},
{
"category": "external",
"summary": "504753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
},
{
"category": "external",
"summary": "509125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125"
},
{
"category": "external",
"summary": "515698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
},
{
"category": "external",
"summary": "521619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=521619"
},
{
"category": "external",
"summary": "522209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=522209"
},
{
"category": "external",
"summary": "570171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=570171"
},
{
"category": "external",
"summary": "596426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0602.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Certificate System 7.3 security update",
"tracking": {
"current_release_date": "2024-12-15T18:14:44+00:00",
"generator": {
"date": "2024-12-15T18:14:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2010:0602",
"initial_release_date": "2010-08-04T21:30:00+00:00",
"revision_history": [
{
"date": "2010-08-04T21:30:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-08-05T10:04:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-15T18:14:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Certificate System 7.3 for 4AS",
"product": {
"name": "Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:certificate_system:7.3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Certificate System 7.3 for 4ES",
"product": {
"name": "Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:certificate_system:7.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat Certificate System"
},
{
"branches": [
{
"category": "product_version",
"name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"product": {
"name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"product_id": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-apis@1.3.02-2jpp_1rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
"product": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
"product_id": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"product": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"product_id": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ant-0:1.6.5-1jpp_1rh.noarch",
"product": {
"name": "ant-0:1.6.5-1jpp_1rh.noarch",
"product_id": "ant-0:1.6.5-1jpp_1rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
"product": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
"product_id": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "axis-0:1.2.1-1jpp_3rh.noarch",
"product": {
"name": "axis-0:1.2.1-1jpp_3rh.noarch",
"product_id": "axis-0:1.2.1-1jpp_3rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"product": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"product_id": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"product": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"product_id": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "log4j-0:1.2.12-1jpp_1rh.noarch",
"product": {
"name": "log4j-0:1.2.12-1jpp_1rh.noarch",
"product_id": "log4j-0:1.2.12-1jpp_1rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mx4j-1:3.0.1-1jpp_4rh.noarch",
"product": {
"name": "mx4j-1:3.0.1-1jpp_4rh.noarch",
"product_id": "mx4j-1:3.0.1-1jpp_4rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"product": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"product_id": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-manage-0:7.3.0-19.el4.noarch",
"product": {
"name": "rhpki-manage-0:7.3.0-19.el4.noarch",
"product_id": "rhpki-manage-0:7.3.0-19.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-manage@7.3.0-19.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-ca-0:7.3.0-20.el4.noarch",
"product": {
"name": "rhpki-ca-0:7.3.0-20.el4.noarch",
"product_id": "rhpki-ca-0:7.3.0-20.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-ca@7.3.0-20.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-kra-0:7.3.0-14.el4.noarch",
"product": {
"name": "rhpki-kra-0:7.3.0-14.el4.noarch",
"product_id": "rhpki-kra-0:7.3.0-14.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-kra@7.3.0-14.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-tks-0:7.3.0-13.el4.noarch",
"product": {
"name": "rhpki-tks-0:7.3.0-13.el4.noarch",
"product_id": "rhpki-tks-0:7.3.0-13.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-tks@7.3.0-13.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
"product": {
"name": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
"product_id": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-ocsp@7.3.0-13.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
"product": {
"name": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
"product_id": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-java-tools@7.3.0-10.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-jms-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-jta-1.0.1B-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-j2ee-deployment-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-ejb-2.1-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-servlet-2.4-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-specs-javadoc@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-j2ee-1.4-apis@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-j2ee-connector-1.5-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-jsp-2.0-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-j2ee-management-1.0-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "xml-commons-0:1.3.02-2jpp_1rh.src",
"product": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.src",
"product_id": "xml-commons-0:1.3.02-2jpp_1rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "xerces-j2-0:2.7.1-1jpp_1rh.src",
"product": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.src",
"product_id": "xerces-j2-0:2.7.1-1jpp_1rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "ant-0:1.6.5-1jpp_1rh.src",
"product": {
"name": "ant-0:1.6.5-1jpp_1rh.src",
"product_id": "ant-0:1.6.5-1jpp_1rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "avalon-logkit-0:1.2-2jpp_4rh.src",
"product": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.src",
"product_id": "avalon-logkit-0:1.2-2jpp_4rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "axis-0:1.2.1-1jpp_3rh.src",
"product": {
"name": "axis-0:1.2.1-1jpp_3rh.src",
"product_id": "axis-0:1.2.1-1jpp_3rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "classpathx-jaf-0:1.0-2jpp_6rh.src",
"product": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.src",
"product_id": "classpathx-jaf-0:1.0-2jpp_6rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
"product": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
"product_id": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "log4j-0:1.2.12-1jpp_1rh.src",
"product": {
"name": "log4j-0:1.2.12-1jpp_1rh.src",
"product_id": "log4j-0:1.2.12-1jpp_1rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "mx4j-1:3.0.1-1jpp_4rh.src",
"product": {
"name": "mx4j-1:3.0.1-1jpp_4rh.src",
"product_id": "mx4j-1:3.0.1-1jpp_4rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"product": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"product_id": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
"product": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
"product_id": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=src"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-0:1.3.3-3.el4.src",
"product": {
"name": "pcsc-lite-0:1.3.3-3.el4.src",
"product_id": "pcsc-lite-0:1.3.3-3.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"product": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"product_id": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"product": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"product_id": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"product": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"product_id": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"product": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"product_id": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-0:1.3.3-3.el4.x86_64",
"product": {
"name": "pcsc-lite-0:1.3.3-3.el4.x86_64",
"product_id": "pcsc-lite-0:1.3.3-3.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"product": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"product_id": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhpki-native-tools-0:7.3.0-6.el4.i386",
"product": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.i386",
"product_id": "rhpki-native-tools-0:7.3.0-6.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"product": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"product_id": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
"product": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
"product_id": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-0:1.3.3-3.el4.i386",
"product": {
"name": "pcsc-lite-0:1.3.3-3.el4.i386",
"product_id": "pcsc-lite-0:1.3.3-3.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
"product": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
"product_id": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch"
},
"product_reference": "ant-0:1.6.5-1jpp_1rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src"
},
"product_reference": "ant-0:1.6.5-1jpp_1rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch"
},
"product_reference": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src"
},
"product_reference": "avalon-logkit-0:1.2-2jpp_4rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch"
},
"product_reference": "axis-0:1.2.1-1jpp_3rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src"
},
"product_reference": "axis-0:1.2.1-1jpp_3rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch"
},
"product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src"
},
"product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch"
},
"product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src"
},
"product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src"
},
"product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch"
},
"product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src"
},
"product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch"
},
"product_reference": "log4j-0:1.2.12-1jpp_1rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src"
},
"product_reference": "log4j-0:1.2.12-1jpp_1rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch"
},
"product_reference": "mx4j-1:3.0.1-1jpp_4rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src"
},
"product_reference": "mx4j-1:3.0.1-1jpp_4rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch"
},
"product_reference": "rhpki-ca-0:7.3.0-20.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch"
},
"product_reference": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch"
},
"product_reference": "rhpki-kra-0:7.3.0-14.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch"
},
"product_reference": "rhpki-manage-0:7.3.0-19.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386"
},
"product_reference": "rhpki-native-tools-0:7.3.0-6.el4.i386",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64"
},
"product_reference": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch"
},
"product_reference": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch"
},
"product_reference": "rhpki-tks-0:7.3.0-13.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch"
},
"product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src"
},
"product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch"
},
"product_reference": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src"
},
"product_reference": "xml-commons-0:1.3.02-2jpp_1rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
},
"product_reference": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch"
},
"product_reference": "ant-0:1.6.5-1jpp_1rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src"
},
"product_reference": "ant-0:1.6.5-1jpp_1rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch"
},
"product_reference": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src"
},
"product_reference": "avalon-logkit-0:1.2-2jpp_4rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch"
},
"product_reference": "axis-0:1.2.1-1jpp_3rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src"
},
"product_reference": "axis-0:1.2.1-1jpp_3rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch"
},
"product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src"
},
"product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch"
},
"product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src"
},
"product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src"
},
"product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch"
},
"product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src"
},
"product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch"
},
"product_reference": "log4j-0:1.2.12-1jpp_1rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src"
},
"product_reference": "log4j-0:1.2.12-1jpp_1rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch"
},
"product_reference": "mx4j-1:3.0.1-1jpp_4rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src"
},
"product_reference": "mx4j-1:3.0.1-1jpp_4rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch"
},
"product_reference": "rhpki-ca-0:7.3.0-20.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch"
},
"product_reference": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch"
},
"product_reference": "rhpki-kra-0:7.3.0-14.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch"
},
"product_reference": "rhpki-manage-0:7.3.0-19.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386"
},
"product_reference": "rhpki-native-tools-0:7.3.0-6.el4.i386",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64"
},
"product_reference": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch"
},
"product_reference": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch"
},
"product_reference": "rhpki-tks-0:7.3.0-13.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch"
},
"product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src"
},
"product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch"
},
"product_reference": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src"
},
"product_reference": "xml-commons-0:1.3.02-2jpp_1rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
},
"product_reference": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2005-2090",
"discovery_date": "2005-06-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "237079"
}
],
"notes": [
{
"category": "description",
"text": "Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat multiple content-length header poisioning",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2005-2090"
},
{
"category": "external",
"summary": "RHBZ#237079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237079"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2005-2090",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-2090"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090"
}
],
"release_date": "2005-06-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat multiple content-length header poisioning"
},
{
"cve": "CVE-2005-3510",
"discovery_date": "2005-11-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "237085"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat DoS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2005-3510"
},
{
"category": "external",
"summary": "RHBZ#237085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237085"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2005-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-3510"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510"
}
],
"release_date": "2005-11-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat DoS"
},
{
"cve": "CVE-2006-3835",
"discovery_date": "2006-07-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "237084"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat directory listing issue",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is not a security issue in Tomcat itself, but is caused when directory listings are enabled.\n\nDetails on how to disable directory listings are available at: http://tomcat.apache.org/faq/misc.html#listing",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-3835"
},
{
"category": "external",
"summary": "RHBZ#237084",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237084"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-3835",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3835"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835"
}
],
"release_date": "2006-07-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat directory listing issue"
},
{
"cve": "CVE-2006-3918",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2006-07-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "200732"
}
],
"notes": [
{
"category": "description",
"text": "http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Expect header XSS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-3918"
},
{
"category": "external",
"summary": "RHBZ#200732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=200732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-3918",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3918"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3918",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3918"
}
],
"release_date": "2006-05-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Expect header XSS"
},
{
"cve": "CVE-2006-5752",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2007-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "245112"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform \"charset detection\" when the content-type is not specified.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd mod_status XSS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-5752"
},
{
"category": "external",
"summary": "RHBZ#245112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=245112"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-5752",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-5752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752"
}
],
"release_date": "2007-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd mod_status XSS"
},
{
"cve": "CVE-2007-0450",
"discovery_date": "2007-03-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "237080"
}
],
"notes": [
{
"category": "description",
"text": "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat directory traversal",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-0450"
},
{
"category": "external",
"summary": "RHBZ#237080",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237080"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0450"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450"
}
],
"release_date": "2007-03-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat directory traversal"
},
{
"cve": "CVE-2007-1349",
"discovery_date": "2007-05-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "240423"
}
],
"notes": [
{
"category": "description",
"text": "PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_perl PerlRun denial of service",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-1349"
},
{
"category": "external",
"summary": "RHBZ#240423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=240423"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-1349",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1349"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349"
}
],
"release_date": "2007-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mod_perl PerlRun denial of service"
},
{
"cve": "CVE-2007-1358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2007-04-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "244803"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\".",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat accept-language xss flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-1358"
},
{
"category": "external",
"summary": "RHBZ#244803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=244803"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-1358",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358"
}
],
"release_date": "2007-06-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat accept-language xss flaw"
},
{
"cve": "CVE-2007-1863",
"discovery_date": "2007-05-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "244658"
}
],
"notes": [
{
"category": "description",
"text": "cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd mod_cache segfault",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-1863"
},
{
"category": "external",
"summary": "RHBZ#244658",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=244658"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-1863",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1863"
}
],
"release_date": "2007-05-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd mod_cache segfault"
},
{
"cve": "CVE-2007-3304",
"discovery_date": "2007-06-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "245111"
}
],
"notes": [
{
"category": "description",
"text": "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd scoreboard lack of PID protection",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-3304"
},
{
"category": "external",
"summary": "RHBZ#245111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=245111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-3304",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3304"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304"
}
],
"release_date": "2007-06-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd scoreboard lack of PID protection"
},
{
"cve": "CVE-2007-3382",
"discovery_date": "2007-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "247972"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes (\"\u0027\") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat handling of cookies",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-3382"
},
{
"category": "external",
"summary": "RHBZ#247972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=247972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-3382",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3382"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382"
}
],
"release_date": "2007-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat handling of cookies"
},
{
"cve": "CVE-2007-3385",
"discovery_date": "2007-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "247976"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \\\" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat handling of cookie values",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-3385"
},
{
"category": "external",
"summary": "RHBZ#247976",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=247976"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-3385",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3385"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385"
}
],
"release_date": "2007-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat handling of cookie values"
},
{
"cve": "CVE-2007-3847",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2007-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "250731"
}
],
"notes": [
{
"category": "description",
"text": "The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: out of bounds read",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-3847"
},
{
"category": "external",
"summary": "RHBZ#250731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=250731"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-3847",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3847"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3847",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3847"
}
],
"release_date": "2007-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: out of bounds read"
},
{
"cve": "CVE-2007-4465",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2007-09-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "289511"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_autoindex XSS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the \"AddDefaultCharset\" directive and are using directory indexes. The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-4465"
},
{
"category": "external",
"summary": "RHBZ#289511",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-4465",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4465"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465"
}
],
"release_date": "2007-09-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "mod_autoindex XSS"
},
{
"cve": "CVE-2007-5000",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2007-12-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "419931"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_imagemap XSS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-5000"
},
{
"category": "external",
"summary": "RHBZ#419931",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-5000",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5000"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000"
}
],
"release_date": "2007-12-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_imagemap XSS"
},
{
"acknowledgments": [
{
"names": [
"Tavis Ormandy",
"Will Drewry"
]
}
],
"cve": "CVE-2007-5116",
"discovery_date": "2007-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "323571"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "perl regular expression UTF parsing errors",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-5116"
},
{
"category": "external",
"summary": "RHBZ#323571",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=323571"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-5116",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5116"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5116",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5116"
}
],
"release_date": "2007-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "perl regular expression UTF parsing errors"
},
{
"cve": "CVE-2007-5333",
"discovery_date": "2008-01-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "427766"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (\") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Improve cookie parsing for tomcat5",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5333\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-5333"
},
{
"category": "external",
"summary": "RHBZ#427766",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-5333",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333"
}
],
"release_date": "2008-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Improve cookie parsing for tomcat5"
},
{
"cve": "CVE-2007-5461",
"discovery_date": "2007-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "333791"
}
],
"notes": [
{
"category": "description",
"text": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Absolute path traversal Apache Tomcat WEBDAV",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-5461"
},
{
"category": "external",
"summary": "RHBZ#333791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-5461",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461"
}
],
"release_date": "2007-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Absolute path traversal Apache Tomcat WEBDAV"
},
{
"cve": "CVE-2007-6388",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "427228"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache mod_status cross-site scripting",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-6388"
},
{
"category": "external",
"summary": "RHBZ#427228",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-6388",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6388"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388"
}
],
"release_date": "2007-12-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache mod_status cross-site scripting"
},
{
"cve": "CVE-2008-0005",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "427739"
}
],
"notes": [
{
"category": "description",
"text": "mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_proxy_ftp XSS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-0005"
},
{
"category": "external",
"summary": "RHBZ#427739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-0005",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0005"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0005",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0005"
}
],
"release_date": "2008-01-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "mod_proxy_ftp XSS"
},
{
"cve": "CVE-2008-0128",
"discovery_date": "2008-01-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "429821"
}
],
"notes": [
{
"category": "description",
"text": "The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat5 SSO cookie login information disclosure",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-0128"
},
{
"category": "external",
"summary": "RHBZ#429821",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429821"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-0128",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0128"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128"
}
],
"release_date": "2006-12-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat5 SSO cookie login information disclosure"
},
{
"cve": "CVE-2008-1232",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457597"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Cross-Site-Scripting enabled by sendError call",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1232"
},
{
"category": "external",
"summary": "RHBZ#457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1232",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Cross-Site-Scripting enabled by sendError call"
},
{
"cve": "CVE-2008-1927",
"discovery_date": "2008-04-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "443928"
}
],
"notes": [
{
"category": "description",
"text": "Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "perl: heap corruption by regular expressions with utf8 characters",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1927"
},
{
"category": "external",
"summary": "RHBZ#443928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=443928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1927",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1927"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1927",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1927"
}
],
"release_date": "2007-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "perl: heap corruption by regular expressions with utf8 characters"
},
{
"cve": "CVE-2008-2364",
"discovery_date": "2008-05-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "451615"
}
],
"notes": [
{
"category": "description",
"text": "The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_http DoS via excessive interim responses from the origin server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-2364\n\nThe Red Hat Product Security has rated this issue as having moderate security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2364"
},
{
"category": "external",
"summary": "RHBZ#451615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=451615"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2364",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2364"
}
],
"release_date": "2008-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_proxy_http DoS via excessive interim responses from the origin server"
},
{
"cve": "CVE-2008-2370",
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457934"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat RequestDispatcher information disclosure vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2370"
},
{
"category": "external",
"summary": "RHBZ#457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2370",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat RequestDispatcher information disclosure vulnerability"
},
{
"cve": "CVE-2008-2939",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-08-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "458250"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_ftp globbing XSS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2939"
},
{
"category": "external",
"summary": "RHBZ#458250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=458250"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2939",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2939"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2939",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2939"
}
],
"release_date": "2008-08-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_proxy_ftp globbing XSS"
},
{
"cve": "CVE-2008-5515",
"discovery_date": "2009-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "504753"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat request dispatcher information disclosure vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-5515"
},
{
"category": "external",
"summary": "RHBZ#504753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-5515",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515"
}
],
"release_date": "2009-06-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat request dispatcher information disclosure vulnerability"
},
{
"cve": "CVE-2009-0023",
"discovery_date": "2009-06-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "503928"
}
],
"notes": [
{
"category": "description",
"text": "The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util heap buffer underwrite",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0023"
},
{
"category": "external",
"summary": "RHBZ#503928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0023",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0023"
}
],
"release_date": "2009-06-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util heap buffer underwrite"
},
{
"cve": "CVE-2009-0033",
"discovery_date": "2009-01-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "493381"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat6 Denial-Of-Service with AJP connection",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0033"
},
{
"category": "external",
"summary": "RHBZ#493381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0033",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033"
}
],
"release_date": "2009-06-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat6 Denial-Of-Service with AJP connection"
},
{
"cve": "CVE-2009-0580",
"discovery_date": "2009-06-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "503978"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat6 Information disclosure in authentication classes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0580"
},
{
"category": "external",
"summary": "RHBZ#503978",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0580",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580"
}
],
"release_date": "2009-06-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat6 Information disclosure in authentication classes"
},
{
"cve": "CVE-2009-1891",
"discovery_date": "2009-06-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "509125"
}
],
"notes": [
{
"category": "description",
"text": "The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: possible temporary DoS (CPU consumption) in mod_deflate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1891"
},
{
"category": "external",
"summary": "RHBZ#509125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1891",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1891"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1891",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1891"
}
],
"release_date": "2009-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: possible temporary DoS (CPU consumption) in mod_deflate"
},
{
"cve": "CVE-2009-1955",
"discovery_date": "2009-06-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "504555"
}
],
"notes": [
{
"category": "description",
"text": "The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util billion laughs attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1955"
},
{
"category": "external",
"summary": "RHBZ#504555",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504555"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1955",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1955"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1955",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1955"
}
],
"release_date": "2009-06-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util billion laughs attack"
},
{
"cve": "CVE-2009-1956",
"discovery_date": "2009-06-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "504390"
}
],
"notes": [
{
"category": "description",
"text": "Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util single NULL byte buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1956"
},
{
"category": "external",
"summary": "RHBZ#504390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1956",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1956"
}
],
"release_date": "2009-04-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util single NULL byte buffer overflow"
},
{
"cve": "CVE-2009-2412",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2009-07-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "515698"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-2412"
},
{
"category": "external",
"summary": "RHBZ#515698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-2412",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2412"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412"
}
],
"release_date": "2009-08-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management"
},
{
"cve": "CVE-2009-3094",
"discovery_date": "2009-09-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "521619"
}
],
"notes": [
{
"category": "description",
"text": "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3094"
},
{
"category": "external",
"summary": "RHBZ#521619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=521619"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3094",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3094"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3094",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3094"
}
],
"release_date": "2009-09-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply"
},
{
"cve": "CVE-2009-3095",
"discovery_date": "2009-09-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "522209"
}
],
"notes": [
{
"category": "description",
"text": "The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3095"
},
{
"category": "external",
"summary": "RHBZ#522209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=522209"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3095",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3095"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3095",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3095"
}
],
"release_date": "2009-09-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header"
},
{
"cve": "CVE-2009-4901",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2010-05-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "596426"
}
],
"notes": [
{
"category": "description",
"text": "The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4901"
},
{
"category": "external",
"summary": "RHBZ#596426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4901",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4901"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4901",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4901"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages"
},
{
"cve": "CVE-2010-0407",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2010-05-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "596426"
}
],
"notes": [
{
"category": "description",
"text": "Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0407"
},
{
"category": "external",
"summary": "RHBZ#596426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0407",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0407"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0407",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0407"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages"
},
{
"cve": "CVE-2010-0434",
"discovery_date": "2010-03-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "570171"
}
],
"notes": [
{
"category": "description",
"text": "The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: request header information leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0434"
},
{
"category": "external",
"summary": "RHBZ#570171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=570171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0434",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0434"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0434",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0434"
}
],
"release_date": "2009-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: request header information leak"
}
]
}
rhsa-2009_1204
Vulnerability from csaf_redhat
Published
2009-08-10 17:16
Modified
2024-11-22 03:25
Summary
Red Hat Security Advisory: apr and apr-util security update
Notes
Topic
Updated apr and apr-util packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
The Apache Portable Runtime (APR) is a portability library used by the
Apache HTTP Server and other projects. It aims to provide a free library
of C data structures and routines. apr-util is a utility library used with
APR. This library provides additional utility interfaces for APR; including
support for XML parsing, LDAP, database interfaces, URI parsing, and more.
Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in the way the Apache Portable Runtime (APR) manages memory pool
and relocatable memory allocations. An attacker could use these flaws to
issue a specially-crafted request for memory allocation, which would lead
to a denial of service (application crash) or, potentially, execute
arbitrary code with the privileges of an application using the APR
libraries. (CVE-2009-2412)
All apr and apr-util users should upgrade to these updated packages, which
contain backported patches to correct these issues. Applications using the
APR libraries, such as httpd, must be restarted for this update to take
effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated apr and apr-util packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "The Apache Portable Runtime (APR) is a portability library used by the\nApache HTTP Server and other projects. It aims to provide a free library\nof C data structures and routines. apr-util is a utility library used with\nAPR. This library provides additional utility interfaces for APR; including\nsupport for XML parsing, LDAP, database interfaces, URI parsing, and more.\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows,\nwere found in the way the Apache Portable Runtime (APR) manages memory pool\nand relocatable memory allocations. An attacker could use these flaws to\nissue a specially-crafted request for memory allocation, which would lead\nto a denial of service (application crash) or, potentially, execute\narbitrary code with the privileges of an application using the APR\nlibraries. (CVE-2009-2412)\n\nAll apr and apr-util users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. Applications using the\nAPR libraries, such as httpd, must be restarted for this update to take\neffect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2009:1204",
"url": "https://access.redhat.com/errata/RHSA-2009:1204"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "515698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1204.json"
}
],
"title": "Red Hat Security Advisory: apr and apr-util security update",
"tracking": {
"current_release_date": "2024-11-22T03:25:44+00:00",
"generator": {
"date": "2024-11-22T03:25:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2009:1204",
"initial_release_date": "2009-08-10T17:16:00+00:00",
"revision_history": [
{
"date": "2009-08-10T17:16:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2009-08-10T13:22:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T03:25:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client_workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"product": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"product_id": "apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@1.2.7-11.el5_3.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"product": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"product_id": "apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@1.2.7-11.el5_3.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-0:1.2.7-11.el5_3.1.x86_64",
"product": {
"name": "apr-0:1.2.7-11.el5_3.1.x86_64",
"product_id": "apr-0:1.2.7-11.el5_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@1.2.7-11.el5_3.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"product": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"product_id": "apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-docs@1.2.7-11.el5_3.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"product": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"product_id": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@1.2.7-7.el5_3.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"product": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"product_id": "apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@1.2.7-7.el5_3.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:1.2.7-7.el5_3.2.x86_64",
"product": {
"name": "apr-util-0:1.2.7-7.el5_3.2.x86_64",
"product_id": "apr-util-0:1.2.7-7.el5_3.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@1.2.7-7.el5_3.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"product": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"product_id": "apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-docs@1.2.7-7.el5_3.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-0:0.9.4-24.9.el4_8.2.x86_64",
"product": {
"name": "apr-0:0.9.4-24.9.el4_8.2.x86_64",
"product_id": "apr-0:0.9.4-24.9.el4_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@0.9.4-24.9.el4_8.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"product": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"product_id": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@0.9.4-24.9.el4_8.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"product": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"product_id": "apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@0.9.4-24.9.el4_8.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"product": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"product_id": "apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@0.9.4-22.el4_8.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:0.9.4-22.el4_8.2.x86_64",
"product": {
"name": "apr-util-0:0.9.4-22.el4_8.2.x86_64",
"product_id": "apr-util-0:0.9.4-22.el4_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@0.9.4-22.el4_8.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"product": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"product_id": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@0.9.4-22.el4_8.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "apr-devel-0:1.2.7-11.el5_3.1.i386",
"product": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.i386",
"product_id": "apr-devel-0:1.2.7-11.el5_3.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@1.2.7-11.el5_3.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"product": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"product_id": "apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@1.2.7-11.el5_3.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-0:1.2.7-11.el5_3.1.i386",
"product": {
"name": "apr-0:1.2.7-11.el5_3.1.i386",
"product_id": "apr-0:1.2.7-11.el5_3.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@1.2.7-11.el5_3.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-docs-0:1.2.7-11.el5_3.1.i386",
"product": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.i386",
"product_id": "apr-docs-0:1.2.7-11.el5_3.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-docs@1.2.7-11.el5_3.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"product": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"product_id": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@1.2.7-7.el5_3.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"product": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"product_id": "apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@1.2.7-7.el5_3.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:1.2.7-7.el5_3.2.i386",
"product": {
"name": "apr-util-0:1.2.7-7.el5_3.2.i386",
"product_id": "apr-util-0:1.2.7-7.el5_3.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@1.2.7-7.el5_3.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"product": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"product_id": "apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-docs@1.2.7-7.el5_3.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-0:0.9.4-24.9.el4_8.2.i386",
"product": {
"name": "apr-0:0.9.4-24.9.el4_8.2.i386",
"product_id": "apr-0:0.9.4-24.9.el4_8.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@0.9.4-24.9.el4_8.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"product": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"product_id": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@0.9.4-24.9.el4_8.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"product": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"product_id": "apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@0.9.4-24.9.el4_8.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"product": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"product_id": "apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@0.9.4-22.el4_8.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:0.9.4-22.el4_8.2.i386",
"product": {
"name": "apr-util-0:0.9.4-22.el4_8.2.i386",
"product_id": "apr-util-0:0.9.4-22.el4_8.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@0.9.4-22.el4_8.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"product": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"product_id": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@0.9.4-22.el4_8.2?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "apr-0:1.2.7-11.el5_3.1.src",
"product": {
"name": "apr-0:1.2.7-11.el5_3.1.src",
"product_id": "apr-0:1.2.7-11.el5_3.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@1.2.7-11.el5_3.1?arch=src"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:1.2.7-7.el5_3.2.src",
"product": {
"name": "apr-util-0:1.2.7-7.el5_3.2.src",
"product_id": "apr-util-0:1.2.7-7.el5_3.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@1.2.7-7.el5_3.2?arch=src"
}
}
},
{
"category": "product_version",
"name": "apr-0:0.9.4-24.9.el4_8.2.src",
"product": {
"name": "apr-0:0.9.4-24.9.el4_8.2.src",
"product_id": "apr-0:0.9.4-24.9.el4_8.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@0.9.4-24.9.el4_8.2?arch=src"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:0.9.4-22.el4_8.2.src",
"product": {
"name": "apr-util-0:0.9.4-22.el4_8.2.src",
"product_id": "apr-util-0:0.9.4-22.el4_8.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@0.9.4-22.el4_8.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "apr-devel-0:1.2.7-11.el5_3.1.ia64",
"product": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ia64",
"product_id": "apr-devel-0:1.2.7-11.el5_3.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@1.2.7-11.el5_3.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-0:1.2.7-11.el5_3.1.ia64",
"product": {
"name": "apr-0:1.2.7-11.el5_3.1.ia64",
"product_id": "apr-0:1.2.7-11.el5_3.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@1.2.7-11.el5_3.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-docs-0:1.2.7-11.el5_3.1.ia64",
"product": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.ia64",
"product_id": "apr-docs-0:1.2.7-11.el5_3.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-docs@1.2.7-11.el5_3.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"product": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"product_id": "apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@1.2.7-11.el5_3.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"product": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"product_id": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@1.2.7-7.el5_3.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:1.2.7-7.el5_3.2.ia64",
"product": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ia64",
"product_id": "apr-util-0:1.2.7-7.el5_3.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@1.2.7-7.el5_3.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"product": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"product_id": "apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@1.2.7-7.el5_3.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"product": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"product_id": "apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-docs@1.2.7-7.el5_3.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-0:0.9.4-24.9.el4_8.2.ia64",
"product": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ia64",
"product_id": "apr-0:0.9.4-24.9.el4_8.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@0.9.4-24.9.el4_8.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"product": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"product_id": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@0.9.4-24.9.el4_8.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"product": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"product_id": "apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@0.9.4-24.9.el4_8.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"product": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"product_id": "apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@0.9.4-22.el4_8.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:0.9.4-22.el4_8.2.ia64",
"product": {
"name": "apr-util-0:0.9.4-22.el4_8.2.ia64",
"product_id": "apr-util-0:0.9.4-22.el4_8.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@0.9.4-22.el4_8.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"product": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"product_id": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@0.9.4-22.el4_8.2?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"product": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"product_id": "apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@1.2.7-11.el5_3.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "apr-0:1.2.7-11.el5_3.1.ppc64",
"product": {
"name": "apr-0:1.2.7-11.el5_3.1.ppc64",
"product_id": "apr-0:1.2.7-11.el5_3.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@1.2.7-11.el5_3.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"product": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"product_id": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@1.2.7-11.el5_3.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"product": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"product_id": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@1.2.7-7.el5_3.2?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:1.2.7-7.el5_3.2.ppc64",
"product": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ppc64",
"product_id": "apr-util-0:1.2.7-7.el5_3.2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@1.2.7-7.el5_3.2?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"product": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"product_id": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@1.2.7-7.el5_3.2?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc64",
"product": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc64",
"product_id": "apr-0:0.9.4-24.9.el4_8.2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@0.9.4-24.9.el4_8.2?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"product": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"product_id": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@0.9.4-24.9.el4_8.2?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "apr-devel-0:1.2.7-11.el5_3.1.ppc",
"product": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ppc",
"product_id": "apr-devel-0:1.2.7-11.el5_3.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@1.2.7-11.el5_3.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-0:1.2.7-11.el5_3.1.ppc",
"product": {
"name": "apr-0:1.2.7-11.el5_3.1.ppc",
"product_id": "apr-0:1.2.7-11.el5_3.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@1.2.7-11.el5_3.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-docs-0:1.2.7-11.el5_3.1.ppc",
"product": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.ppc",
"product_id": "apr-docs-0:1.2.7-11.el5_3.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-docs@1.2.7-11.el5_3.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"product": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"product_id": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@1.2.7-11.el5_3.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"product": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"product_id": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@1.2.7-7.el5_3.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:1.2.7-7.el5_3.2.ppc",
"product": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ppc",
"product_id": "apr-util-0:1.2.7-7.el5_3.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@1.2.7-7.el5_3.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"product": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"product_id": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@1.2.7-7.el5_3.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"product": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"product_id": "apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-docs@1.2.7-7.el5_3.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc",
"product": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc",
"product_id": "apr-0:0.9.4-24.9.el4_8.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@0.9.4-24.9.el4_8.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"product": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"product_id": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@0.9.4-24.9.el4_8.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"product": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"product_id": "apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@0.9.4-24.9.el4_8.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"product": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"product_id": "apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@0.9.4-22.el4_8.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:0.9.4-22.el4_8.2.ppc",
"product": {
"name": "apr-util-0:0.9.4-22.el4_8.2.ppc",
"product_id": "apr-util-0:0.9.4-22.el4_8.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@0.9.4-22.el4_8.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"product": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"product_id": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@0.9.4-22.el4_8.2?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "apr-devel-0:1.2.7-11.el5_3.1.s390x",
"product": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.s390x",
"product_id": "apr-devel-0:1.2.7-11.el5_3.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@1.2.7-11.el5_3.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-0:1.2.7-11.el5_3.1.s390x",
"product": {
"name": "apr-0:1.2.7-11.el5_3.1.s390x",
"product_id": "apr-0:1.2.7-11.el5_3.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@1.2.7-11.el5_3.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-docs-0:1.2.7-11.el5_3.1.s390x",
"product": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.s390x",
"product_id": "apr-docs-0:1.2.7-11.el5_3.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-docs@1.2.7-11.el5_3.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"product": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"product_id": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@1.2.7-11.el5_3.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"product": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"product_id": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@1.2.7-7.el5_3.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:1.2.7-7.el5_3.2.s390x",
"product": {
"name": "apr-util-0:1.2.7-7.el5_3.2.s390x",
"product_id": "apr-util-0:1.2.7-7.el5_3.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@1.2.7-7.el5_3.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"product": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"product_id": "apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@1.2.7-7.el5_3.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"product": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"product_id": "apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-docs@1.2.7-7.el5_3.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-0:0.9.4-24.9.el4_8.2.s390x",
"product": {
"name": "apr-0:0.9.4-24.9.el4_8.2.s390x",
"product_id": "apr-0:0.9.4-24.9.el4_8.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@0.9.4-24.9.el4_8.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"product": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"product_id": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@0.9.4-24.9.el4_8.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"product": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"product_id": "apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@0.9.4-24.9.el4_8.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"product": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"product_id": "apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@0.9.4-22.el4_8.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:0.9.4-22.el4_8.2.s390x",
"product": {
"name": "apr-util-0:0.9.4-22.el4_8.2.s390x",
"product_id": "apr-util-0:0.9.4-22.el4_8.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@0.9.4-22.el4_8.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"product": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"product_id": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@0.9.4-22.el4_8.2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apr-devel-0:1.2.7-11.el5_3.1.s390",
"product": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.s390",
"product_id": "apr-devel-0:1.2.7-11.el5_3.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@1.2.7-11.el5_3.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "apr-0:1.2.7-11.el5_3.1.s390",
"product": {
"name": "apr-0:1.2.7-11.el5_3.1.s390",
"product_id": "apr-0:1.2.7-11.el5_3.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@1.2.7-11.el5_3.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"product": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"product_id": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@1.2.7-11.el5_3.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"product": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"product_id": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@1.2.7-7.el5_3.2?arch=s390"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:1.2.7-7.el5_3.2.s390",
"product": {
"name": "apr-util-0:1.2.7-7.el5_3.2.s390",
"product_id": "apr-util-0:1.2.7-7.el5_3.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@1.2.7-7.el5_3.2?arch=s390"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"product": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"product_id": "apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@1.2.7-7.el5_3.2?arch=s390"
}
}
},
{
"category": "product_version",
"name": "apr-0:0.9.4-24.9.el4_8.2.s390",
"product": {
"name": "apr-0:0.9.4-24.9.el4_8.2.s390",
"product_id": "apr-0:0.9.4-24.9.el4_8.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr@0.9.4-24.9.el4_8.2?arch=s390"
}
}
},
{
"category": "product_version",
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"product": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"product_id": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-debuginfo@0.9.4-24.9.el4_8.2?arch=s390"
}
}
},
{
"category": "product_version",
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"product": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"product_id": "apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-devel@0.9.4-24.9.el4_8.2?arch=s390"
}
}
},
{
"category": "product_version",
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"product": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"product_id": "apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-devel@0.9.4-22.el4_8.2?arch=s390"
}
}
},
{
"category": "product_version",
"name": "apr-util-0:0.9.4-22.el4_8.2.s390",
"product": {
"name": "apr-util-0:0.9.4-22.el4_8.2.s390",
"product_id": "apr-util-0:0.9.4-22.el4_8.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util@0.9.4-22.el4_8.2?arch=s390"
}
}
},
{
"category": "product_version",
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"product": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"product_id": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apr-util-debuginfo@0.9.4-22.el4_8.2?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-0:0.9.4-24.9.el4_8.2.ppc64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ppc64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-0:0.9.4-24.9.el4_8.2.src"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-devel-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-devel-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-devel-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-devel-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-devel-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-0:0.9.4-22.el4_8.2.src"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-devel-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-devel-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-devel-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-devel-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-devel-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-0:0.9.4-24.9.el4_8.2.ppc64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ppc64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-0:0.9.4-24.9.el4_8.2.src"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-0:0.9.4-22.el4_8.2.src"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-0:0.9.4-24.9.el4_8.2.ppc64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ppc64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-0:0.9.4-24.9.el4_8.2.src"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-devel-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-devel-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-devel-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-devel-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-devel-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-0:0.9.4-22.el4_8.2.src"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-devel-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-devel-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-devel-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-devel-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-devel-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.ppc64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-0:0.9.4-24.9.el4_8.2.ppc64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.ppc64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-0:0.9.4-24.9.el4_8.2.src"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-devel-0:0.9.4-24.9.el4_8.2.i386"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-devel-0:0.9.4-24.9.el4_8.2.ia64"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-devel-0:0.9.4-24.9.el4_8.2.ppc"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-devel-0:0.9.4-24.9.el4_8.2.s390"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-devel-0:0.9.4-24.9.el4_8.2.s390x"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:0.9.4-24.9.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64"
},
"product_reference": "apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-0:0.9.4-22.el4_8.2.src"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-devel-0:0.9.4-22.el4_8.2.i386"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-devel-0:0.9.4-22.el4_8.2.ia64"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-devel-0:0.9.4-22.el4_8.2.ppc"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-devel-0:0.9.4-22.el4_8.2.s390"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-devel-0:0.9.4-22.el4_8.2.s390x"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:0.9.4-22.el4_8.2.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64"
},
"product_reference": "apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ppc64"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.ppc64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-0:1.2.7-11.el5_3.1.s390"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.s390",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-0:1.2.7-11.el5_3.1.src"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.src",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.s390"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ppc64"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.s390"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.s390",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ppc64"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.ppc64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.s390"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.s390",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.src"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.src",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.s390"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-0:1.2.7-11.el5_3.1.ppc64"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.ppc64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-0:1.2.7-11.el5_3.1.s390"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.s390",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-0:1.2.7-11.el5_3.1.src"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.src",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.s390"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-devel-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-devel-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-devel-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-devel-0:1.2.7-11.el5_3.1.ppc64"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-devel-0:1.2.7-11.el5_3.1.s390"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.s390",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-devel-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-devel-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-docs-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-docs-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-docs-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-docs-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-docs-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-0:1.2.7-7.el5_3.2.ppc64"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.ppc64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-0:1.2.7-7.el5_3.2.s390"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.s390",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-0:1.2.7-7.el5_3.2.src"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.src",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-devel-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-devel-0:1.2.7-7.el5_3.2.s390"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-devel-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-docs-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-docs-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-docs-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-docs-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-0:1.2.7-11.el5_3.1.ppc64"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.ppc64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.s390 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-0:1.2.7-11.el5_3.1.s390"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.s390",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-0:1.2.7-11.el5_3.1.src"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.s390"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-devel-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-devel-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-devel-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-devel-0:1.2.7-11.el5_3.1.ppc64"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.s390 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-devel-0:1.2.7-11.el5_3.1.s390"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.s390",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-devel-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-devel-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-devel-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-docs-0:1.2.7-11.el5_3.1.i386"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-docs-0:1.2.7-11.el5_3.1.ia64"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-docs-0:1.2.7-11.el5_3.1.ppc"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-docs-0:1.2.7-11.el5_3.1.s390x"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-docs-0:1.2.7-11.el5_3.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-docs-0:1.2.7-11.el5_3.1.x86_64"
},
"product_reference": "apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-0:1.2.7-7.el5_3.2.ppc64"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.ppc64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.s390 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-0:1.2.7-7.el5_3.2.s390"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.s390",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-0:1.2.7-7.el5_3.2.src"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-devel-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.s390 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-devel-0:1.2.7-7.el5_3.2.s390"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-devel-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-devel-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-docs-0:1.2.7-7.el5_3.2.i386"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-docs-0:1.2.7-7.el5_3.2.ia64"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-docs-0:1.2.7-7.el5_3.2.ppc"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-docs-0:1.2.7-7.el5_3.2.s390x"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apr-util-docs-0:1.2.7-7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64"
},
"product_reference": "apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"relates_to_product_reference": "5Server"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-2412",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2009-07-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "515698"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:apr-0:0.9.4-24.9.el4_8.2.i386",
"4AS:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4AS:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4AS:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4AS:apr-0:0.9.4-24.9.el4_8.2.s390",
"4AS:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4AS:apr-0:0.9.4-24.9.el4_8.2.src",
"4AS:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4AS:apr-util-0:0.9.4-22.el4_8.2.i386",
"4AS:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4AS:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4AS:apr-util-0:0.9.4-22.el4_8.2.s390",
"4AS:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4AS:apr-util-0:0.9.4-22.el4_8.2.src",
"4AS:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.i386",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.s390",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.src",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.i386",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.s390",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.src",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"4ES:apr-0:0.9.4-24.9.el4_8.2.i386",
"4ES:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4ES:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4ES:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4ES:apr-0:0.9.4-24.9.el4_8.2.s390",
"4ES:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4ES:apr-0:0.9.4-24.9.el4_8.2.src",
"4ES:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4ES:apr-util-0:0.9.4-22.el4_8.2.i386",
"4ES:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4ES:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4ES:apr-util-0:0.9.4-22.el4_8.2.s390",
"4ES:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4ES:apr-util-0:0.9.4-22.el4_8.2.src",
"4ES:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"4WS:apr-0:0.9.4-24.9.el4_8.2.i386",
"4WS:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4WS:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4WS:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4WS:apr-0:0.9.4-24.9.el4_8.2.s390",
"4WS:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4WS:apr-0:0.9.4-24.9.el4_8.2.src",
"4WS:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4WS:apr-util-0:0.9.4-22.el4_8.2.i386",
"4WS:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4WS:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4WS:apr-util-0:0.9.4-22.el4_8.2.s390",
"4WS:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4WS:apr-util-0:0.9.4-22.el4_8.2.src",
"4WS:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ppc64",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.s390",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.src",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.s390",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ppc64",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.s390",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.src",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.x86_64",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-0:1.2.7-11.el5_3.1.ppc64",
"5Client:apr-0:1.2.7-11.el5_3.1.s390",
"5Client:apr-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-0:1.2.7-11.el5_3.1.src",
"5Client:apr-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.s390",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-util-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-0:1.2.7-7.el5_3.2.ppc64",
"5Client:apr-util-0:1.2.7-7.el5_3.2.s390",
"5Client:apr-util-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-0:1.2.7-7.el5_3.2.src",
"5Client:apr-util-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-0:1.2.7-11.el5_3.1.ppc64",
"5Server:apr-0:1.2.7-11.el5_3.1.s390",
"5Server:apr-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-0:1.2.7-11.el5_3.1.src",
"5Server:apr-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.s390",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-util-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-0:1.2.7-7.el5_3.2.ppc64",
"5Server:apr-util-0:1.2.7-7.el5_3.2.s390",
"5Server:apr-util-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-0:1.2.7-7.el5_3.2.src",
"5Server:apr-util-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-2412"
},
{
"category": "external",
"summary": "RHBZ#515698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-2412",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2412"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412"
}
],
"release_date": "2009-08-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-08-10T17:16:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:apr-0:0.9.4-24.9.el4_8.2.i386",
"4AS:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4AS:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4AS:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4AS:apr-0:0.9.4-24.9.el4_8.2.s390",
"4AS:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4AS:apr-0:0.9.4-24.9.el4_8.2.src",
"4AS:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4AS:apr-util-0:0.9.4-22.el4_8.2.i386",
"4AS:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4AS:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4AS:apr-util-0:0.9.4-22.el4_8.2.s390",
"4AS:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4AS:apr-util-0:0.9.4-22.el4_8.2.src",
"4AS:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.i386",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.s390",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.src",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.i386",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.s390",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.src",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"4ES:apr-0:0.9.4-24.9.el4_8.2.i386",
"4ES:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4ES:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4ES:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4ES:apr-0:0.9.4-24.9.el4_8.2.s390",
"4ES:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4ES:apr-0:0.9.4-24.9.el4_8.2.src",
"4ES:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4ES:apr-util-0:0.9.4-22.el4_8.2.i386",
"4ES:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4ES:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4ES:apr-util-0:0.9.4-22.el4_8.2.s390",
"4ES:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4ES:apr-util-0:0.9.4-22.el4_8.2.src",
"4ES:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"4WS:apr-0:0.9.4-24.9.el4_8.2.i386",
"4WS:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4WS:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4WS:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4WS:apr-0:0.9.4-24.9.el4_8.2.s390",
"4WS:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4WS:apr-0:0.9.4-24.9.el4_8.2.src",
"4WS:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4WS:apr-util-0:0.9.4-22.el4_8.2.i386",
"4WS:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4WS:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4WS:apr-util-0:0.9.4-22.el4_8.2.s390",
"4WS:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4WS:apr-util-0:0.9.4-22.el4_8.2.src",
"4WS:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ppc64",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.s390",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.src",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.s390",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ppc64",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.s390",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.src",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.x86_64",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-0:1.2.7-11.el5_3.1.ppc64",
"5Client:apr-0:1.2.7-11.el5_3.1.s390",
"5Client:apr-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-0:1.2.7-11.el5_3.1.src",
"5Client:apr-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.s390",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-util-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-0:1.2.7-7.el5_3.2.ppc64",
"5Client:apr-util-0:1.2.7-7.el5_3.2.s390",
"5Client:apr-util-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-0:1.2.7-7.el5_3.2.src",
"5Client:apr-util-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-0:1.2.7-11.el5_3.1.ppc64",
"5Server:apr-0:1.2.7-11.el5_3.1.s390",
"5Server:apr-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-0:1.2.7-11.el5_3.1.src",
"5Server:apr-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.s390",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-util-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-0:1.2.7-7.el5_3.2.ppc64",
"5Server:apr-util-0:1.2.7-7.el5_3.2.s390",
"5Server:apr-util-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-0:1.2.7-7.el5_3.2.src",
"5Server:apr-util-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:1204"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:apr-0:0.9.4-24.9.el4_8.2.i386",
"4AS:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4AS:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4AS:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4AS:apr-0:0.9.4-24.9.el4_8.2.s390",
"4AS:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4AS:apr-0:0.9.4-24.9.el4_8.2.src",
"4AS:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4AS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4AS:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4AS:apr-util-0:0.9.4-22.el4_8.2.i386",
"4AS:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4AS:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4AS:apr-util-0:0.9.4-22.el4_8.2.s390",
"4AS:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4AS:apr-util-0:0.9.4-22.el4_8.2.src",
"4AS:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4AS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4AS:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.i386",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.s390",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.src",
"4Desktop:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4Desktop:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4Desktop:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.i386",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.s390",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.src",
"4Desktop:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4Desktop:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4Desktop:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"4ES:apr-0:0.9.4-24.9.el4_8.2.i386",
"4ES:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4ES:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4ES:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4ES:apr-0:0.9.4-24.9.el4_8.2.s390",
"4ES:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4ES:apr-0:0.9.4-24.9.el4_8.2.src",
"4ES:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4ES:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4ES:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4ES:apr-util-0:0.9.4-22.el4_8.2.i386",
"4ES:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4ES:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4ES:apr-util-0:0.9.4-22.el4_8.2.s390",
"4ES:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4ES:apr-util-0:0.9.4-22.el4_8.2.src",
"4ES:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4ES:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4ES:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"4WS:apr-0:0.9.4-24.9.el4_8.2.i386",
"4WS:apr-0:0.9.4-24.9.el4_8.2.ia64",
"4WS:apr-0:0.9.4-24.9.el4_8.2.ppc",
"4WS:apr-0:0.9.4-24.9.el4_8.2.ppc64",
"4WS:apr-0:0.9.4-24.9.el4_8.2.s390",
"4WS:apr-0:0.9.4-24.9.el4_8.2.s390x",
"4WS:apr-0:0.9.4-24.9.el4_8.2.src",
"4WS:apr-0:0.9.4-24.9.el4_8.2.x86_64",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.i386",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ia64",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.ppc64",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.s390x",
"4WS:apr-debuginfo-0:0.9.4-24.9.el4_8.2.x86_64",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.i386",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.ia64",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.ppc",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.s390",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.s390x",
"4WS:apr-devel-0:0.9.4-24.9.el4_8.2.x86_64",
"4WS:apr-util-0:0.9.4-22.el4_8.2.i386",
"4WS:apr-util-0:0.9.4-22.el4_8.2.ia64",
"4WS:apr-util-0:0.9.4-22.el4_8.2.ppc",
"4WS:apr-util-0:0.9.4-22.el4_8.2.s390",
"4WS:apr-util-0:0.9.4-22.el4_8.2.s390x",
"4WS:apr-util-0:0.9.4-22.el4_8.2.src",
"4WS:apr-util-0:0.9.4-22.el4_8.2.x86_64",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.i386",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ia64",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.ppc",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.s390x",
"4WS:apr-util-debuginfo-0:0.9.4-22.el4_8.2.x86_64",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.i386",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.ia64",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.ppc",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.s390",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.s390x",
"4WS:apr-util-devel-0:0.9.4-22.el4_8.2.x86_64",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.ppc64",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.s390",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.src",
"5Client-Workstation:apr-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.s390",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.i386",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.ia64",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.ppc",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.s390x",
"5Client-Workstation:apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.ppc64",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.s390",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.src",
"5Client-Workstation:apr-util-0:1.2.7-7.el5_3.2.x86_64",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"5Client-Workstation:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-0:1.2.7-11.el5_3.1.ppc64",
"5Client:apr-0:1.2.7-11.el5_3.1.s390",
"5Client:apr-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-0:1.2.7-11.el5_3.1.src",
"5Client:apr-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.s390",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.i386",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.ia64",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.ppc",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.s390x",
"5Client:apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"5Client:apr-util-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-0:1.2.7-7.el5_3.2.ppc64",
"5Client:apr-util-0:1.2.7-7.el5_3.2.s390",
"5Client:apr-util-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-0:1.2.7-7.el5_3.2.src",
"5Client:apr-util-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"5Client:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-0:1.2.7-11.el5_3.1.ppc64",
"5Server:apr-0:1.2.7-11.el5_3.1.s390",
"5Server:apr-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-0:1.2.7-11.el5_3.1.src",
"5Server:apr-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.ppc64",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.s390",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-debuginfo-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.ppc64",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.s390",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-devel-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.i386",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.ia64",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.ppc",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.s390x",
"5Server:apr-docs-0:1.2.7-11.el5_3.1.x86_64",
"5Server:apr-util-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-0:1.2.7-7.el5_3.2.ppc64",
"5Server:apr-util-0:1.2.7-7.el5_3.2.s390",
"5Server:apr-util-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-0:1.2.7-7.el5_3.2.src",
"5Server:apr-util-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.ppc64",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-debuginfo-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.ppc64",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.s390",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-devel-0:1.2.7-7.el5_3.2.x86_64",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.i386",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.ia64",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.ppc",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.s390x",
"5Server:apr-util-docs-0:1.2.7-7.el5_3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management"
}
]
}
RHSA-2009:1462
Vulnerability from csaf_redhat
Published
2009-09-24 15:17
Modified
2024-11-22 03:26
Summary
Red Hat Security Advisory: httpd22 security update
Notes
Topic
Updated httpd22 packages that fix multiple security issues are now
available for JBoss Enterprise Web Server 1.0.0 for Red Hat Enterprise
Linux 4.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
The Apache HTTP Server is a popular Web server. The httpd22 packages
shipped with JBoss Enterprise Web Server 1.0.0 for Red Hat Enterprise Linux
4 contain embedded copies of the Apache Portable Runtime (APR) libraries,
which provide a free library of C data structures and routines, and also
additional utility interfaces to support XML parsing, LDAP, database
interfaces, URI parsing, and more.
Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in the way the Apache Portable Runtime (APR) manages memory pool
and relocatable memory allocations. An attacker could use these flaws to
issue a specially-crafted request for memory allocation, which would lead
to a denial of service (application crash) or, potentially, execute
arbitrary code with the privileges of an application using the APR
libraries. (CVE-2009-2412)
All users of JBoss Enterprise Web Server 1.0.0 should upgrade to these
updated packages, which contain backported patches to correct these issues.
After installing the updated packages, the httpd daemon must be restarted
for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated httpd22 packages that fix multiple security issues are now\navailable for JBoss Enterprise Web Server 1.0.0 for Red Hat Enterprise\nLinux 4.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "The Apache HTTP Server is a popular Web server. The httpd22 packages\nshipped with JBoss Enterprise Web Server 1.0.0 for Red Hat Enterprise Linux\n4 contain embedded copies of the Apache Portable Runtime (APR) libraries,\nwhich provide a free library of C data structures and routines, and also\nadditional utility interfaces to support XML parsing, LDAP, database\ninterfaces, URI parsing, and more.\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows,\nwere found in the way the Apache Portable Runtime (APR) manages memory pool\nand relocatable memory allocations. An attacker could use these flaws to\nissue a specially-crafted request for memory allocation, which would lead\nto a denial of service (application crash) or, potentially, execute\narbitrary code with the privileges of an application using the APR\nlibraries. (CVE-2009-2412)\n\nAll users of JBoss Enterprise Web Server 1.0.0 should upgrade to these\nupdated packages, which contain backported patches to correct these issues.\nAfter installing the updated packages, the httpd daemon must be restarted\nfor the update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2009:1462",
"url": "https://access.redhat.com/errata/RHSA-2009:1462"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "515698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1462.json"
}
],
"title": "Red Hat Security Advisory: httpd22 security update",
"tracking": {
"current_release_date": "2024-11-22T03:26:02+00:00",
"generator": {
"date": "2024-11-22T03:26:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2009:1462",
"initial_release_date": "2009-09-24T15:17:00+00:00",
"revision_history": [
{
"date": "2009-09-24T15:17:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2009-09-24T11:17:04+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T03:26:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product": {
"name": "Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el4"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product": {
"name": "Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el4"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64",
"product": {
"name": "mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64",
"product_id": "mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl22@2.2.10-24.1.ep5.el4?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"product": {
"name": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"product_id": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-apr-devel@2.2.10-24.1.ep5.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"product": {
"name": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"product_id": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-apr-util-devel@2.2.10-24.1.ep5.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64",
"product": {
"name": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64",
"product_id": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-apr-util@2.2.10-24.1.ep5.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64",
"product": {
"name": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64",
"product_id": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-debuginfo@2.2.10-24.1.ep5.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64",
"product": {
"name": "httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64",
"product_id": "httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-apr@2.2.10-24.1.ep5.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"product": {
"name": "httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"product_id": "httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-devel@2.2.10-24.1.ep5.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd22-0:2.2.10-24.1.ep5.el4.x86_64",
"product": {
"name": "httpd22-0:2.2.10-24.1.ep5.el4.x86_64",
"product_id": "httpd22-0:2.2.10-24.1.ep5.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22@2.2.10-24.1.ep5.el4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_ssl22-1:2.2.10-24.1.ep5.el4.i386",
"product": {
"name": "mod_ssl22-1:2.2.10-24.1.ep5.el4.i386",
"product_id": "mod_ssl22-1:2.2.10-24.1.ep5.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl22@2.2.10-24.1.ep5.el4?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386",
"product": {
"name": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386",
"product_id": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-apr-devel@2.2.10-24.1.ep5.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386",
"product": {
"name": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386",
"product_id": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-apr-util-devel@2.2.10-24.1.ep5.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386",
"product": {
"name": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386",
"product_id": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-apr-util@2.2.10-24.1.ep5.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386",
"product": {
"name": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386",
"product_id": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-debuginfo@2.2.10-24.1.ep5.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd22-apr-0:2.2.10-24.1.ep5.el4.i386",
"product": {
"name": "httpd22-apr-0:2.2.10-24.1.ep5.el4.i386",
"product_id": "httpd22-apr-0:2.2.10-24.1.ep5.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-apr@2.2.10-24.1.ep5.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd22-devel-0:2.2.10-24.1.ep5.el4.i386",
"product": {
"name": "httpd22-devel-0:2.2.10-24.1.ep5.el4.i386",
"product_id": "httpd22-devel-0:2.2.10-24.1.ep5.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-devel@2.2.10-24.1.ep5.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd22-0:2.2.10-24.1.ep5.el4.i386",
"product": {
"name": "httpd22-0:2.2.10-24.1.ep5.el4.i386",
"product_id": "httpd22-0:2.2.10-24.1.ep5.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22@2.2.10-24.1.ep5.el4?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd22-0:2.2.10-24.1.ep5.el4.src",
"product": {
"name": "httpd22-0:2.2.10-24.1.ep5.el4.src",
"product_id": "httpd22-0:2.2.10-24.1.ep5.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22@2.2.10-24.1.ep5.el4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-0:2.2.10-24.1.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.src"
},
"product_reference": "httpd22-0:2.2.10-24.1.ep5.el4.src",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-apr-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-devel-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-devel-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl22-1:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "mod_ssl22-1:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
"product_id": "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4AS-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-0:2.2.10-24.1.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.src"
},
"product_reference": "httpd22-0:2.2.10-24.1.ep5.el4.src",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-apr-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-devel-0:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "httpd22-devel-0:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl22-1:2.2.10-24.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.i386"
},
"product_reference": "mod_ssl22-1:2.2.10-24.1.ep5.el4.i386",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
"product_id": "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64"
},
"product_reference": "mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64",
"relates_to_product_reference": "4ES-JBEWS-5.0.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-2412",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2009-07-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "515698"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.src",
"4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.src",
"4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-2412"
},
{
"category": "external",
"summary": "RHBZ#515698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-2412",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2412"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412"
}
],
"release_date": "2009-08-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-09-24T15:17:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.src",
"4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.src",
"4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:1462"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.src",
"4AS-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.i386",
"4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.src",
"4ES-JBEWS-5.0.0:httpd22-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-24.1.ep5.el4.x86_64",
"4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.i386",
"4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-24.1.ep5.el4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management"
}
]
}
var-200908-0708
Vulnerability from variot
Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information. Apache APR (Apache Portable Runtime) and 'APR-util' are prone to multiple integer-overflow vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of an application that uses the affected library. Successful exploits will compromise the affected application and possibly the computer. Failed attacks will cause denial-of-service conditions.
This update provides fixes for these vulnerabilities.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412
Updated Packages:
Mandriva Linux 2008.1: bd5757bce0a8299edcf7dcc3e2980964 2008.1/i586/apr-util-dbd-mysql-1.2.12-4.2mdv2008.1.i586.rpm 50ba5cc45e1f72e8219addc0df369ca4 2008.1/i586/apr-util-dbd-pgsql-1.2.12-4.2mdv2008.1.i586.rpm 1cb0f643e4084741afefb8d25d975062 2008.1/i586/apr-util-dbd-sqlite3-1.2.12-4.2mdv2008.1.i586.rpm 23990e6d23f02addecd2d3dcd7d68baf 2008.1/i586/libapr1-1.2.12-3.1mdv2008.1.i586.rpm 002cebd9b1e101cc487490fb5e1de4b9 2008.1/i586/libapr-devel-1.2.12-3.1mdv2008.1.i586.rpm 178584e4fee60428188b4f8be39e8b22 2008.1/i586/libapr-util1-1.2.12-4.2mdv2008.1.i586.rpm d718e18960ee01edbfc9cf99cb335604 2008.1/i586/libapr-util-devel-1.2.12-4.2mdv2008.1.i586.rpm bf792d204211369b8c63051f1360fd97 2008.1/SRPMS/apr-1.2.12-3.1mdv2008.1.src.rpm dcbd01ea287e6d8efc276dfa074c3930 2008.1/SRPMS/apr-util-1.2.12-4.2mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64: 6a9a81c520c8e30b5f8fbbe54d185dff 2008.1/x86_64/apr-util-dbd-mysql-1.2.12-4.2mdv2008.1.x86_64.rpm cc9d7917d41f5ca317d2942c2d14c859 2008.1/x86_64/apr-util-dbd-pgsql-1.2.12-4.2mdv2008.1.x86_64.rpm 016e48025c0fec50db868ba23d20140e 2008.1/x86_64/apr-util-dbd-sqlite3-1.2.12-4.2mdv2008.1.x86_64.rpm 6ee3859a30eab3399275b29356df5727 2008.1/x86_64/lib64apr1-1.2.12-3.1mdv2008.1.x86_64.rpm 766f74618ab9532eef5ab40f94112579 2008.1/x86_64/lib64apr-devel-1.2.12-3.1mdv2008.1.x86_64.rpm 6e57aa1381b9af730eec5f313f8d5d79 2008.1/x86_64/lib64apr-util1-1.2.12-4.2mdv2008.1.x86_64.rpm 6fda7ebf5640ad5ad9ba0d2d1169dbc9 2008.1/x86_64/lib64apr-util-devel-1.2.12-4.2mdv2008.1.x86_64.rpm bf792d204211369b8c63051f1360fd97 2008.1/SRPMS/apr-1.2.12-3.1mdv2008.1.src.rpm dcbd01ea287e6d8efc276dfa074c3930 2008.1/SRPMS/apr-util-1.2.12-4.2mdv2008.1.src.rpm
Mandriva Linux 2009.0: 89786c5904cee8d22c5140528d412a1c 2009.0/i586/apr-util-dbd-freetds-1.3.4-2.2mdv2009.0.i586.rpm 19df90719d15def384b7aec1efc5dcd8 2009.0/i586/apr-util-dbd-ldap-1.3.4-2.2mdv2009.0.i586.rpm e164acf4668fd239f2801698e3dc9aa4 2009.0/i586/apr-util-dbd-mysql-1.3.4-2.2mdv2009.0.i586.rpm 70f55ca514ef15778001082f3c51a9fd 2009.0/i586/apr-util-dbd-odbc-1.3.4-2.2mdv2009.0.i586.rpm 85135d9490be22fc56a897cf9d5fba7e 2009.0/i586/apr-util-dbd-pgsql-1.3.4-2.2mdv2009.0.i586.rpm 424d3a8896bc70503a69dc8c4d9882a9 2009.0/i586/apr-util-dbd-sqlite3-1.3.4-2.2mdv2009.0.i586.rpm 586edd704499f119527638f0f1913614 2009.0/i586/libapr1-1.3.3-2.1mdv2009.0.i586.rpm f5065323fca63075434ce1eb850e3c01 2009.0/i586/libapr-devel-1.3.3-2.1mdv2009.0.i586.rpm 4aba7262b561a1d67187c799cd06a138 2009.0/i586/libapr-util1-1.3.4-2.2mdv2009.0.i586.rpm a125fa8529bd8dd79ada83747c23f9d4 2009.0/i586/libapr-util-devel-1.3.4-2.2mdv2009.0.i586.rpm 23e454eea7e368502047b85976d1ef88 2009.0/SRPMS/apr-1.3.3-2.1mdv2009.0.src.rpm 162271ed051fa5de81a973e5adc487dc 2009.0/SRPMS/apr-util-1.3.4-2.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64: 667ffab851dd6babd31700a5d9c113a7 2009.0/x86_64/apr-util-dbd-freetds-1.3.4-2.2mdv2009.0.x86_64.rpm 08089224bb9da997752624d85c229251 2009.0/x86_64/apr-util-dbd-ldap-1.3.4-2.2mdv2009.0.x86_64.rpm 7ce1a16bc3e35fc4a3dcb8a1e148c05b 2009.0/x86_64/apr-util-dbd-mysql-1.3.4-2.2mdv2009.0.x86_64.rpm 075dbc136d3110952d54f9a85761c1b6 2009.0/x86_64/apr-util-dbd-odbc-1.3.4-2.2mdv2009.0.x86_64.rpm 90edf3ec758ed79a7973a36141ddc295 2009.0/x86_64/apr-util-dbd-pgsql-1.3.4-2.2mdv2009.0.x86_64.rpm f15ee7ff2b203c436eab2d7e4c118a1d 2009.0/x86_64/apr-util-dbd-sqlite3-1.3.4-2.2mdv2009.0.x86_64.rpm 2b0529a353e38a0eda5f8d08ecf95554 2009.0/x86_64/lib64apr1-1.3.3-2.1mdv2009.0.x86_64.rpm 524773745dfeb06cd86e7149723c6cbe 2009.0/x86_64/lib64apr-devel-1.3.3-2.1mdv2009.0.x86_64.rpm 3e7bc1d3e713ba5893c34215ee93f932 2009.0/x86_64/lib64apr-util1-1.3.4-2.2mdv2009.0.x86_64.rpm 44be6021b3db277a5993f488b02074db 2009.0/x86_64/lib64apr-util-devel-1.3.4-2.2mdv2009.0.x86_64.rpm 23e454eea7e368502047b85976d1ef88 2009.0/SRPMS/apr-1.3.3-2.1mdv2009.0.src.rpm 162271ed051fa5de81a973e5adc487dc 2009.0/SRPMS/apr-util-1.3.4-2.2mdv2009.0.src.rpm
Mandriva Linux 2009.1: 0b3427fcb40fcd8e068eb81e8de67685 2009.1/i586/apr-util-dbd-freetds-1.3.4-9.2mdv2009.1.i586.rpm 77e215797fc02c290e59ce072a36fffc 2009.1/i586/apr-util-dbd-ldap-1.3.4-9.2mdv2009.1.i586.rpm 05d1106df36459a7a40ecb11d5560c61 2009.1/i586/apr-util-dbd-mysql-1.3.4-9.2mdv2009.1.i586.rpm 97adcfda40750873588942a9ab0e5e3c 2009.1/i586/apr-util-dbd-odbc-1.3.4-9.2mdv2009.1.i586.rpm 1b9379f8d6ec49908d43d4228ecbee66 2009.1/i586/apr-util-dbd-pgsql-1.3.4-9.2mdv2009.1.i586.rpm a5e5bb25d2e370e22f274482afe74fd8 2009.1/i586/apr-util-dbd-sqlite3-1.3.4-9.2mdv2009.1.i586.rpm 1f907eab0d93dd413086f0943988284c 2009.1/i586/libapr1-1.3.3-5.1mdv2009.1.i586.rpm a6992c671c7352c2965f46abced93b8a 2009.1/i586/libapr-devel-1.3.3-5.1mdv2009.1.i586.rpm e748ca10352eaa46ef2514ce8718674b 2009.1/i586/libapr-util1-1.3.4-9.2mdv2009.1.i586.rpm 73afb8eabe81ae8be63f1ba9d8fc3bf2 2009.1/i586/libapr-util-devel-1.3.4-9.2mdv2009.1.i586.rpm 1a1706c01c2668a058a54c06d6e5aac6 2009.1/SRPMS/apr-1.3.3-5.1mdv2009.1.src.rpm 241d8b7b1261089d299f9b8463f391a7 2009.1/SRPMS/apr-util-1.3.4-9.2mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64: f0b10ee44c9092605ad1137a46e4955c 2009.1/x86_64/apr-util-dbd-freetds-1.3.4-9.2mdv2009.1.x86_64.rpm 98247a74314a56b6f4097a9943e236c0 2009.1/x86_64/apr-util-dbd-ldap-1.3.4-9.2mdv2009.1.x86_64.rpm 2e0d895eb1b93c2518436ab4c678da23 2009.1/x86_64/apr-util-dbd-mysql-1.3.4-9.2mdv2009.1.x86_64.rpm 8269586d2608f6e79eff11de7bda333e 2009.1/x86_64/apr-util-dbd-odbc-1.3.4-9.2mdv2009.1.x86_64.rpm 489b31861a5fabd272348ca224e4d9b4 2009.1/x86_64/apr-util-dbd-pgsql-1.3.4-9.2mdv2009.1.x86_64.rpm b1164ff6f2e06bfcada083e9d11c1595 2009.1/x86_64/apr-util-dbd-sqlite3-1.3.4-9.2mdv2009.1.x86_64.rpm 257e2b240479fb7c472efa7de7ee11c8 2009.1/x86_64/lib64apr1-1.3.3-5.1mdv2009.1.x86_64.rpm 222f5f44d9600dcf593923ea6422d47e 2009.1/x86_64/lib64apr-devel-1.3.3-5.1mdv2009.1.x86_64.rpm 99ef537b486eccad55d8f0d79f37abbd 2009.1/x86_64/lib64apr-util1-1.3.4-9.2mdv2009.1.x86_64.rpm 9d9e0933f57289530059e5a9b3e42e1c 2009.1/x86_64/lib64apr-util-devel-1.3.4-9.2mdv2009.1.x86_64.rpm 1a1706c01c2668a058a54c06d6e5aac6 2009.1/SRPMS/apr-1.3.3-5.1mdv2009.1.src.rpm 241d8b7b1261089d299f9b8463f391a7 2009.1/SRPMS/apr-util-1.3.4-9.2mdv2009.1.src.rpm
Corporate 3.0: 39d0747e39f45148c8540e76a272f219 corporate/3.0/i586/apache2-2.0.48-6.22.C30mdk.i586.rpm 9c7677568ec7e3fab84ed224af029d6a corporate/3.0/i586/apache2-common-2.0.48-6.22.C30mdk.i586.rpm 9f60f68aa326aaaa02cb6e9346ac0b7b corporate/3.0/i586/apache2-devel-2.0.48-6.22.C30mdk.i586.rpm a9051117cf2a34ed7cf9066e31d1767f corporate/3.0/i586/apache2-manual-2.0.48-6.22.C30mdk.i586.rpm ddc2cafb1a02ee501e5127a8731ea942 corporate/3.0/i586/apache2-mod_cache-2.0.48-6.22.C30mdk.i586.rpm f3bbd229b347489f40b81419214c42bd corporate/3.0/i586/apache2-mod_dav-2.0.48-6.22.C30mdk.i586.rpm cd19b116ef93c07f78efbe4393d2e3be corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.22.C30mdk.i586.rpm 5a2da72b9255a8c35f0ed877899f90eb corporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.22.C30mdk.i586.rpm e940b8e3b2da880bca84ebc9f528b2e6 corporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.22.C30mdk.i586.rpm 5d713bee1985cc49c585b4289ee76f1e corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.22.C30mdk.i586.rpm f293fbf344f6fc55e92170518a710149 corporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.22.C30mdk.i586.rpm f4c48499cb6968a12a5250e3464a2b30 corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.22.C30mdk.i586.rpm 997ea437e49903a014de32e61573de7a corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.22.C30mdk.i586.rpm fe5f16a62fc94177286445e9830cb6a6 corporate/3.0/i586/apache2-modules-2.0.48-6.22.C30mdk.i586.rpm 4eb89be3edc9f7dd0511e22d64baefe2 corporate/3.0/i586/apache2-source-2.0.48-6.22.C30mdk.i586.rpm 64be98dcd021367f603e972cc40d6710 corporate/3.0/i586/libapr0-2.0.48-6.22.C30mdk.i586.rpm 5c5a7cb9305c8b0d469fc424931ae215 corporate/3.0/SRPMS/apache2-2.0.48-6.22.C30mdk.src.rpm
Corporate 3.0/X86_64: c84b780216da90735018f37b8d606ad9 corporate/3.0/x86_64/apache2-2.0.48-6.22.C30mdk.x86_64.rpm 079ef7c187ea63bdfdb7b2f8e0c7ed85 corporate/3.0/x86_64/apache2-common-2.0.48-6.22.C30mdk.x86_64.rpm 78d8764d894dcf4821e3014b3bf0a1c2 corporate/3.0/x86_64/apache2-devel-2.0.48-6.22.C30mdk.x86_64.rpm e938351292eaf95bad5937066e071f6e corporate/3.0/x86_64/apache2-manual-2.0.48-6.22.C30mdk.x86_64.rpm b7b0c47891c1da19b9bfedd5eaeb5a12 corporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.22.C30mdk.x86_64.rpm 14603191e70ea26450ad9f5254f1eff8 corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.22.C30mdk.x86_64.rpm f49c1f32bfa9b325836e28f7078d3897 corporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.22.C30mdk.x86_64.rpm 0d8058c7d57105b18e97579817872d95 corporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.22.C30mdk.x86_64.rpm 09b7bdc4907e672ee9b83a9f0ed2fb13 corporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.22.C30mdk.x86_64.rpm 90a9565c923530b22f4141d2a186972b corporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.22.C30mdk.x86_64.rpm 0f244810519460074938138d87a11997 corporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.22.C30mdk.x86_64.rpm 0836106477de3d26f4c31a595c996cdc corporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.22.C30mdk.x86_64.rpm 353d05dfc30072a39f3597c39454f331 corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.22.C30mdk.x86_64.rpm 1234e8bf94a4ddf65cf225aaf4367937 corporate/3.0/x86_64/apache2-modules-2.0.48-6.22.C30mdk.x86_64.rpm fbb25973021e327262cc152fd46996cc corporate/3.0/x86_64/apache2-source-2.0.48-6.22.C30mdk.x86_64.rpm 0520ca7c45963a2e2e26d8e3b5f63c41 corporate/3.0/x86_64/lib64apr0-2.0.48-6.22.C30mdk.x86_64.rpm 5c5a7cb9305c8b0d469fc424931ae215 corporate/3.0/SRPMS/apache2-2.0.48-6.22.C30mdk.src.rpm
Corporate 4.0: 59bb8b01944e22319fcd4a0202bdffd9 corporate/4.0/i586/apr-util-dbd-mysql-1.2.7-6.2.20060mlcs4.i586.rpm 75fc1a2cbde6e0426f3f59cfd099b3b1 corporate/4.0/i586/apr-util-dbd-pgsql-1.2.7-6.2.20060mlcs4.i586.rpm 73cbae192430eca396ba79f548437cc1 corporate/4.0/i586/apr-util-dbd-sqlite3-1.2.7-6.2.20060mlcs4.i586.rpm 09726634b12dc2afc37d292853cfb28c corporate/4.0/i586/libapr1-1.2.7-1.1.20060mlcs4.i586.rpm cbfbe3652be9a6986f5f672034b84dc0 corporate/4.0/i586/libapr1-devel-1.2.7-1.1.20060mlcs4.i586.rpm 0733be6b968d4cbcce3494afe962ea12 corporate/4.0/i586/libapr-util1-1.2.7-6.2.20060mlcs4.i586.rpm 725117e7948c43a6fb72f51966d6dd79 corporate/4.0/i586/libapr-util1-devel-1.2.7-6.2.20060mlcs4.i586.rpm 4003af7f60b2b13d6f77a05ebe9dfb22 corporate/4.0/SRPMS/apr-1.2.7-1.1.20060mlcs4.src.rpm e74d2bc186c01528afbbf64f7491f221 corporate/4.0/SRPMS/apr-util-1.2.7-6.2.20060mlcs4.src.rpm
Corporate 4.0/X86_64: 09e54e8fb5df6737dc1b00440d31d5c7 corporate/4.0/x86_64/apr-util-dbd-mysql-1.2.7-6.2.20060mlcs4.x86_64.rpm 766214b9f0df47776db7bea60f97298f corporate/4.0/x86_64/apr-util-dbd-pgsql-1.2.7-6.2.20060mlcs4.x86_64.rpm 22cb8925b104be9d571cf592a29064c3 corporate/4.0/x86_64/apr-util-dbd-sqlite3-1.2.7-6.2.20060mlcs4.x86_64.rpm 0fb8d44ea77b337e4026e72ed4000bf8 corporate/4.0/x86_64/lib64apr1-1.2.7-1.1.20060mlcs4.x86_64.rpm ba0345c32bfe4376621334e36a62a1c0 corporate/4.0/x86_64/lib64apr1-devel-1.2.7-1.1.20060mlcs4.x86_64.rpm cbd9beef22028ade9ecf3d172c710ff1 corporate/4.0/x86_64/lib64apr-util1-1.2.7-6.2.20060mlcs4.x86_64.rpm 5247ff1b281c9fa95ad547996f3bbb17 corporate/4.0/x86_64/lib64apr-util1-devel-1.2.7-6.2.20060mlcs4.x86_64.rpm 4003af7f60b2b13d6f77a05ebe9dfb22 corporate/4.0/SRPMS/apr-1.2.7-1.1.20060mlcs4.src.rpm e74d2bc186c01528afbbf64f7491f221 corporate/4.0/SRPMS/apr-util-1.2.7-6.2.20060mlcs4.src.rpm
Mandriva Enterprise Server 5: fe7bd17a4b8499027179f5f421fce92d mes5/i586/libapr1-1.3.3-2.1mdvmes5.i586.rpm ce82a19e9423f69bc380fc32e0e96a9d mes5/i586/libapr-devel-1.3.3-2.1mdvmes5.i586.rpm 01004428f12cd78529ac43a546976121 mes5/SRPMS/apr-1.3.3-2.1mdvmes5.src.rpm
Mandriva Enterprise Server 5/X86_64: 744cad17495d753e07fed748ccab4c46 mes5/x86_64/apr-util-dbd-freetds-1.3.4-2.2mdvmes5.x86_64.rpm 4c70155fb19f486a19f048455e41e480 mes5/x86_64/apr-util-dbd-ldap-1.3.4-2.2mdvmes5.x86_64.rpm 278c7292a0432e0d6760639667ec6858 mes5/x86_64/apr-util-dbd-mysql-1.3.4-2.2mdvmes5.x86_64.rpm 0358fea0177405ccd625304c83715992 mes5/x86_64/apr-util-dbd-odbc-1.3.4-2.2mdvmes5.x86_64.rpm a549b591b27f810ba898e75030f61398 mes5/x86_64/apr-util-dbd-pgsql-1.3.4-2.2mdvmes5.x86_64.rpm fb02a789f8ec6081f01df92768cda441 mes5/x86_64/apr-util-dbd-sqlite3-1.3.4-2.2mdvmes5.x86_64.rpm 4dbc88f0779d110f589ee60d7708e1e0 mes5/x86_64/lib64apr1-1.3.3-2.1mdvmes5.x86_64.rpm d591c7684cfd0d6a9a5ae749a3120f58 mes5/x86_64/lib64apr-devel-1.3.3-2.1mdvmes5.x86_64.rpm 6b946eebc0ff697faad4364beae260f8 mes5/x86_64/lib64apr-util1-1.3.4-2.2mdvmes5.x86_64.rpm 5c1f8dd8c2fcb0eb68bd1e24a25d1e22 mes5/x86_64/lib64apr-util-devel-1.3.4-2.2mdvmes5.x86_64.rpm 01004428f12cd78529ac43a546976121 mes5/SRPMS/apr-1.3.3-2.1mdvmes5.src.rpm
Multi Network Firewall 2.0: 39d0747e39f45148c8540e76a272f219 mnf/2.0/i586/apache2-2.0.48-6.22.C30mdk.i586.rpm 9c7677568ec7e3fab84ed224af029d6a mnf/2.0/i586/apache2-common-2.0.48-6.22.C30mdk.i586.rpm 9f60f68aa326aaaa02cb6e9346ac0b7b mnf/2.0/i586/apache2-devel-2.0.48-6.22.C30mdk.i586.rpm a9051117cf2a34ed7cf9066e31d1767f mnf/2.0/i586/apache2-manual-2.0.48-6.22.C30mdk.i586.rpm ddc2cafb1a02ee501e5127a8731ea942 mnf/2.0/i586/apache2-mod_cache-2.0.48-6.22.C30mdk.i586.rpm f3bbd229b347489f40b81419214c42bd mnf/2.0/i586/apache2-mod_dav-2.0.48-6.22.C30mdk.i586.rpm cd19b116ef93c07f78efbe4393d2e3be mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.22.C30mdk.i586.rpm 5a2da72b9255a8c35f0ed877899f90eb mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.22.C30mdk.i586.rpm e940b8e3b2da880bca84ebc9f528b2e6 mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.22.C30mdk.i586.rpm 5d713bee1985cc49c585b4289ee76f1e mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.22.C30mdk.i586.rpm f293fbf344f6fc55e92170518a710149 mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.22.C30mdk.i586.rpm f4c48499cb6968a12a5250e3464a2b30 mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.22.C30mdk.i586.rpm 997ea437e49903a014de32e61573de7a mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.22.C30mdk.i586.rpm fe5f16a62fc94177286445e9830cb6a6 mnf/2.0/i586/apache2-modules-2.0.48-6.22.C30mdk.i586.rpm 4eb89be3edc9f7dd0511e22d64baefe2 mnf/2.0/i586/apache2-source-2.0.48-6.22.C30mdk.i586.rpm 64be98dcd021367f603e972cc40d6710 mnf/2.0/i586/libapr0-2.0.48-6.22.C30mdk.i586.rpm 5c5a7cb9305c8b0d469fc424931ae215 mnf/2.0/SRPMS/apache2-2.0.48-6.22.C30mdk.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFKesC1mqjQ0CJFipgRAvjJAJ9/hkPV+kb4tO2KHfjb2m+3nV+9+gCfQHvt uej6FdYjm8TitsZAK4BFOis= =IDO9 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debian Security Advisory DSA-1854-1 security@debian.org http://www.debian.org/security/ Florian Weimer August 08, 2009 http://www.debian.org/security/faq
Package : apr, apr-util Vulnerability : heap buffer overflow Debian-specific: no CVE Id(s) : CVE-2009-2412
Matt Lewis discovered that the memory management code in the Apache Portable Runtime (APR) library does not guard against a wrap-around during size computations. This could cause the library to return a memory area which smaller than requested, resulting a heap overflow and possibly arbitrary code execution.
For the old stable distribution (etch), this problem has been fixed in version 1.2.7-9 of the apr package, and version 1.2.7+dfsg-2+etch3 of the apr-util package.
For the stable distribution (lenny), this problem has been fixed in version 1.2.12-5+lenny1 of the apr package and version 1.2.12-5+lenny1 of the apr-util package.
For the unstable distribution (sid), this problem will be fixed soon.
Upgrade instructions
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
Source archives:
http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.7+dfsg.orig.tar.gz Size/MD5 checksum: 643328 a3117be657f99e92316be40add59b9ff http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.7+dfsg-2+etch3.dsc Size/MD5 checksum: 1036 9dc256c005a7f544c4d5c410b226fb74 http://security.debian.org/pool/updates/main/a/apr/apr_1.2.7-9.diff.gz Size/MD5 checksum: 26613 021ef3aa5b3a9fc021779a0b6a6a4ec9 http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.7+dfsg-2+etch3.diff.gz Size/MD5 checksum: 21651 e090ebfd7174c90bae4e4935a3d3db15 http://security.debian.org/pool/updates/main/a/apr/apr_1.2.7.orig.tar.gz Size/MD5 checksum: 1102370 aea926cbe588f844ad9e317157d60175 http://security.debian.org/pool/updates/main/a/apr/apr_1.2.7-9.dsc Size/MD5 checksum: 856 89662625fd7a34ceb514087de869d918
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_alpha.deb Size/MD5 checksum: 121726 df1e2d6e8bf9ed485ad417fe274eb0e3 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_alpha.deb Size/MD5 checksum: 83690 b5873275f420b15f9868ea0dde699c60 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_alpha.deb Size/MD5 checksum: 371668 4e8bd42151f3cdf8cee91c49599aab42 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_alpha.deb Size/MD5 checksum: 129158 5074639b4b0d9877ff29b96540fdfaec http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_alpha.deb Size/MD5 checksum: 185420 ddf84849ff3bee792dc187c6d21958bd http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_alpha.deb Size/MD5 checksum: 148140 079cff06535a7e3f4e9a5d682d80bb1b
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_amd64.deb Size/MD5 checksum: 72946 6b11e4b65bdf67981a091177d9644007 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_amd64.deb Size/MD5 checksum: 126156 b420f555d02504e0497a0ba3c27e0cac http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_amd64.deb Size/MD5 checksum: 127742 1606857f3291ccb10e038219f1f2eab3 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_amd64.deb Size/MD5 checksum: 187302 bb1a4aa5768fa012201ad1e72bc27e93 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_amd64.deb Size/MD5 checksum: 348120 b5d6b4e7c628dffe867159b54b6c82f1 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_amd64.deb Size/MD5 checksum: 111664 6b51dc29ea4defa975902d246188086f
arm architecture (ARM)
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_arm.deb Size/MD5 checksum: 121504 3ba789c274f2ed7030aa286ea57dbb3d http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_arm.deb Size/MD5 checksum: 175146 86ff258e9181fa424cb043dc22e2c0e0 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_arm.deb Size/MD5 checksum: 117302 97d701c8f9d6746eb14448bfde8e8588 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_arm.deb Size/MD5 checksum: 104934 45a976662beb7ec3b15ee7c7a45f3de7 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_arm.deb Size/MD5 checksum: 66110 09c54142359236f50654bd9c7b375781 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_arm.deb Size/MD5 checksum: 335520 14d06ecfb54247718b780c893df8f4cc
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_hppa.deb Size/MD5 checksum: 126186 9494353aa42e983a245af2890dd2c6d7 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_hppa.deb Size/MD5 checksum: 78668 60c87b0e86c1ed31deecddd88cdf5fa5 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_hppa.deb Size/MD5 checksum: 133918 ae993c733053a326603c5b750505bee9
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_i386.deb Size/MD5 checksum: 116052 6238f10eb5077bb53b9664b82b985c40 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_i386.deb Size/MD5 checksum: 338694 262cec472ec3aaeb1b4d38eebaa940c8 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_i386.deb Size/MD5 checksum: 68854 78ab4f6425153d8b746b99842994d555 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_i386.deb Size/MD5 checksum: 109138 4aa254cacd4e95785ae823cedb1cce2f http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_i386.deb Size/MD5 checksum: 122136 4a16475bb5780625902c79069681ae74 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_i386.deb Size/MD5 checksum: 180654 481471d06045a2e348b55de6dbdf5f94
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_ia64.deb Size/MD5 checksum: 156562 52761fff3e82e21728e0c6a79bf4508f http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_ia64.deb Size/MD5 checksum: 99446 3ad58d882e434e39be525e7aa41d9e93 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_ia64.deb Size/MD5 checksum: 141894 5b7351a6b4c3765e3d76b9d22e04cf0e http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_ia64.deb Size/MD5 checksum: 118716 8c73712293cd4d9a5935aefd18a3e4c9 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_ia64.deb Size/MD5 checksum: 171514 f474001e4f852a44af517b5d6f737a65 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_ia64.deb Size/MD5 checksum: 385514 76d0bbda16c749f6a5b40fd6297a180a
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_mips.deb Size/MD5 checksum: 188816 de1ecb467042d2c1891cc1d2f5db83d9 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_mips.deb Size/MD5 checksum: 130394 fc34d9b137c080b63374d809c1d6bf8b http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_mips.deb Size/MD5 checksum: 130492 4d7cdffabbef214eeea0c02a346d0eb8 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_mips.deb Size/MD5 checksum: 70776 6fe66f5cb81c2a3af2fa0cd64a85cfd8 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_mips.deb Size/MD5 checksum: 357368 aab08f1596aead97cc48924ebf99c80e http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_mips.deb Size/MD5 checksum: 112644 9c6d720999259453daaa13e8ec3c8336
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_mipsel.deb Size/MD5 checksum: 186464 5b2392a143ff8a173a771b819377ab47 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_mipsel.deb Size/MD5 checksum: 128052 02e3c278190e92d7131c275aab5f5c44 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_mipsel.deb Size/MD5 checksum: 358010 480087a77642a8ff99a32bb323b62600 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_mipsel.deb Size/MD5 checksum: 130712 50da703a75deb2ba87d4be171e80bd5b http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_mipsel.deb Size/MD5 checksum: 113352 d363370bcba834268202db5271b20aa3 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_mipsel.deb Size/MD5 checksum: 70794 1f57c4362c286bd0d2df40d775690612
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_powerpc.deb Size/MD5 checksum: 125106 92d5d46effd18aaa8e849254d9da8acd http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_powerpc.deb Size/MD5 checksum: 348504 2f4f96652c28e3f5f1cfae8e5265ec83 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_powerpc.deb Size/MD5 checksum: 130380 dacdce767bcff6b0ecbe66add6838e8b http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_powerpc.deb Size/MD5 checksum: 189780 ae1e23e3080fbfe3ba26b8acf9561d6c http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_powerpc.deb Size/MD5 checksum: 113956 1e2ba4da9ee0775325b351887c182f52 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_powerpc.deb Size/MD5 checksum: 72472 3a47c9eca3ec7b6f4e87609b3aca7f65
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_s390.deb Size/MD5 checksum: 124802 cdd46922b57a51fedb25ae401d8dc753 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_s390.deb Size/MD5 checksum: 121978 71edc1d101933b1a43a9c395427a4aed http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_s390.deb Size/MD5 checksum: 128570 f0f7d5dfecb61c6212e0803a325e8a01 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_s390.deb Size/MD5 checksum: 186320 cca313c55848e6161810ff16fb71390f http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_s390.deb Size/MD5 checksum: 349848 b9cbaa0a70b9bfa28d74ac4a6e107428 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_s390.deb Size/MD5 checksum: 76668 f6b5e093ae1c3c5d4442e223115052de
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_sparc.deb Size/MD5 checksum: 338056 ab06437e18c1cc36dab35779cc4102d8 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_sparc.deb Size/MD5 checksum: 103200 1c6f94d15f4e3052e9ed80fc232f96b5 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_sparc.deb Size/MD5 checksum: 117840 5f0671d301a9e2ea8020d0dcaa71a42b http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_sparc.deb Size/MD5 checksum: 66374 668815a44c99c366ae8e3f624613932e http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_sparc.deb Size/MD5 checksum: 167962 f338f71eeb38be58c67d1ac0fd92d1ff http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_sparc.deb Size/MD5 checksum: 117510 63dd9c471f24472eb46a5fd9dcb92077
Debian GNU/Linux 5.0 alias lenny
Source archives:
http://security.debian.org/pool/updates/main/a/apr/apr_1.2.12.orig.tar.gz Size/MD5 checksum: 1127522 020ea947446dca2d1210c099c7a4c837 http://security.debian.org/pool/updates/main/a/apr/apr_1.2.12-5+lenny1.diff.gz Size/MD5 checksum: 12398 b407ff7dac7363278f4f060e121aa611 http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg.orig.tar.gz Size/MD5 checksum: 658687 4ef3e41037fe0cdd3a0d107335a008eb http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg-8+lenny4.dsc Size/MD5 checksum: 1530 dccceaa89d58074be3b7b7738a99756b http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg-8+lenny4.diff.gz Size/MD5 checksum: 23138 a2222477de9ad92015416542a2c250ed http://security.debian.org/pool/updates/main/a/apr/apr_1.2.12-5+lenny1.dsc Size/MD5 checksum: 1284 4330306f892fd7c0950b1ccf2537b38d
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_alpha.deb Size/MD5 checksum: 806236 3689d5ee779d3846fe67c9dad2f213dc http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_alpha.deb Size/MD5 checksum: 53204 92bb2e8a7c48e6f8437680e08607a3f7 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_alpha.deb Size/MD5 checksum: 147658 edba141e93c382fbf0ab2bbec1dba899 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_alpha.deb Size/MD5 checksum: 158060 b80ad32790c6c8d89f0007a69d9ce0b8 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_alpha.deb Size/MD5 checksum: 90740 c715b55d060a2d4e8d7684477d0b9014 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_alpha.deb Size/MD5 checksum: 121774 565a4fdd123d04698907456e40d4df0b
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_amd64.deb Size/MD5 checksum: 54232 3f23cc38f68bbf926b801b82b3fea917 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_amd64.deb Size/MD5 checksum: 80046 f6158018f26ddd6369687b8f9f64aa75 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_amd64.deb Size/MD5 checksum: 114326 851cc08504589c09f08ec9e6efa52ef1 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_amd64.deb Size/MD5 checksum: 147928 136a5a5c0d558d8f252d1ed44efed217 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_amd64.deb Size/MD5 checksum: 133850 6b71ac477650c688863ef33fc58216a0 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_amd64.deb Size/MD5 checksum: 825740 bf80dbc726c5b691b023e96e463ba88c
arm architecture (ARM)
http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_arm.deb Size/MD5 checksum: 818438 8e6c8a9964650a793e4a0e5ec51a8619 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_arm.deb Size/MD5 checksum: 54912 a853d8175d2bee56c6f37aada02fc2ca http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_arm.deb Size/MD5 checksum: 107790 85e0815ff8f340d99052a9c9f604cccd http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_arm.deb Size/MD5 checksum: 71112 20a4c9fd130c188166c0ebc6ceff5fcf http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_arm.deb Size/MD5 checksum: 138982 c84f95cff9713ed403fae7b712456ade http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_arm.deb Size/MD5 checksum: 124090 c4fc3663255a416725a69818e3523731
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_armel.deb Size/MD5 checksum: 109676 e26ebffcc101ffc87963c9a65b3543f6 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_armel.deb Size/MD5 checksum: 124626 4c34337eb3d1d55900a067f2c8412abc http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_armel.deb Size/MD5 checksum: 821990 19c68f5f904bb3bbdfd44349f8544e83 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_armel.deb Size/MD5 checksum: 55820 f39b0928bc4b91fb60bd6259c6ae6e02 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_armel.deb Size/MD5 checksum: 70086 1d3032e0879ed1ea6fa2f04c34af1782 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_armel.deb Size/MD5 checksum: 139434 e802e42577998c62fadfc335edb3b81a
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_hppa.deb Size/MD5 checksum: 83668 3c8893214d7375303eaf1eec6e27212b http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_hppa.deb Size/MD5 checksum: 827762 2fd0d8dd54c92c828e42100bb8816b00 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_hppa.deb Size/MD5 checksum: 142916 14e1e2f8fa50b0eb1772f1e4bbc26e50 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_hppa.deb Size/MD5 checksum: 140872 7fef63f2cd282e44c51b5e69d94d8706 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_hppa.deb Size/MD5 checksum: 113954 926b8c39fee1787a94b3d6cc1c6d420b http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_hppa.deb Size/MD5 checksum: 54332 18751dc2275828a126b2dbe568678f32
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_i386.deb Size/MD5 checksum: 73814 2ef03972ed5b2232fe5782c4960bc362 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_i386.deb Size/MD5 checksum: 54582 edc98ca59cebd14195602929def1da31 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_i386.deb Size/MD5 checksum: 141438 5a54e1cac30640ca5e9922586d9983a8 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_i386.deb Size/MD5 checksum: 108882 075f37cd43e483d27ff0b94ad01f2d08 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_i386.deb Size/MD5 checksum: 121138 fc2411e049936d12702713c82377c9e5 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_i386.deb Size/MD5 checksum: 809460 a5648e0404f1cb4244c156cf85bfe0f5
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_ia64.deb Size/MD5 checksum: 135404 8f7a4964b22e5e9e5297380c15d8818d http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_ia64.deb Size/MD5 checksum: 170110 412b51e1e3c1ed4e309459dd17844e68 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_ia64.deb Size/MD5 checksum: 154362 2fc1441f28ef4f90446464627c8ef36d http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_ia64.deb Size/MD5 checksum: 837496 6862607faf59e42525f5205d8a967818 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_ia64.deb Size/MD5 checksum: 111140 12f0bf9e6264cc9c170c2b8365428cc0 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_ia64.deb Size/MD5 checksum: 53428 a6a55d644fb58a0f7ea6a9b509cb71d0
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_mips.deb Size/MD5 checksum: 110932 feb666e4f402bcb1954bc194c37496d7 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_mips.deb Size/MD5 checksum: 147482 e2508cc75520518ccbe4c3a5cf0cc50c http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_mips.deb Size/MD5 checksum: 56582 5134a012017e629239cc543fedf4edf3 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_mips.deb Size/MD5 checksum: 74584 2fbb1b76079126fd701f32e45a9cf7f0 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_mips.deb Size/MD5 checksum: 792650 126585d9fe0def77f7632f9d098eb11d http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_mips.deb Size/MD5 checksum: 136438 ae62dc1d5a32fac11615f4b67cfa4a6b
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_mipsel.deb Size/MD5 checksum: 56414 ecca7e3643ccb91fc962b886bdddbc0e http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_mipsel.deb Size/MD5 checksum: 136390 d45f956c14ea9fe22b77bce3810c32b7 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_mipsel.deb Size/MD5 checksum: 144740 05411f88615592531468cdd89bb4b5d0 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_mipsel.deb Size/MD5 checksum: 74366 a15e15331a62f33d33481b7e53f07b48 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_mipsel.deb Size/MD5 checksum: 792762 dc1e4748e106c82e9f8bf6c3ecce4a38 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_mipsel.deb Size/MD5 checksum: 110974 a5dd28b5c9b3106da8e4c81abea6777d
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_powerpc.deb Size/MD5 checksum: 82512 f8a18fb94a4ef3cabec01c288a26eef5 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_powerpc.deb Size/MD5 checksum: 55708 555d64273f15c6ebd503b7cb84f0fb29 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_powerpc.deb Size/MD5 checksum: 132338 66e77820b5b9d2a05d6df5c4ec2c76b0 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_powerpc.deb Size/MD5 checksum: 116238 1a291989c32ea21ac8eef9ca51831fc5 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_powerpc.deb Size/MD5 checksum: 147180 cc9f274b349dbbb9ce9b69b0d0edf493 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_powerpc.deb Size/MD5 checksum: 821948 fc3acf3dec16223caf6f932e8b7c0c01
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_s390.deb Size/MD5 checksum: 126058 474bddd0f3c5a69cc21fc2d403fe90f6 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_s390.deb Size/MD5 checksum: 148614 89cc7bb2619f28e5e6e9d0042050a924 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_s390.deb Size/MD5 checksum: 133044 fb35625937e6fae551d97df283a32dd9 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_s390.deb Size/MD5 checksum: 787872 2dc32425bfbd17b841218064599d80ed http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_s390.deb Size/MD5 checksum: 85496 c41f2fdebd22ec066815211768dcdc3a http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_s390.deb Size/MD5 checksum: 54414 c36fa2538d8077a8ef09842e07bd989a
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_sparc.deb Size/MD5 checksum: 814624 613a70f3443404f5939e91e229d01d25 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_sparc.deb Size/MD5 checksum: 54370 4c12839718c73a2b96b607d77fcbc583 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_sparc.deb Size/MD5 checksum: 131706 5c2ad3da38aaaab8ac2c14656602c532 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_sparc.deb Size/MD5 checksum: 108712 c1f66be9c2daa447d5bfbd1f7639aada http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_sparc.deb Size/MD5 checksum: 72738 ec558ed4277ca676f07e3181ffad0335 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_sparc.deb Size/MD5 checksum: 124976 22385c13d934c3877ce2f9eeaa4584e3
These files will probably be moved into the stable distribution on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show
iQEcBAEBAgAGBQJKfcqtAAoJEL97/wQC1SS+6T4IAJxpIZ7AUOwmDtuOk/WQzlzv U1nz6YhC9nhf/QdjbmAe0+ClaGwP5FZOacfEK6t64DBJ/81qgLtHlh6hlbm2+9wD vIddGlXmdKjEcHXVbt5rwEoc9pk6ma954Fziu2yUVxhP40SBLWlfEQ5w1LxjNHAI UKokX2+4C3Lk+6hJd8AqnvyfqP8h990HzFqT11hh8OlKVrvHmAiZWbSMmLvkKsPf F5mNDGVKluNfpAhwo6eLN2ayRDEKAeuejF2jQtb/MXQN3kJpPri2JhalhMra371l RmpmVNUOtKKJz/3gHSLjQNh6D5G4kj/I9RcHFA68Pv14kXh0xgtQlKGGLaPo/3M= =704P -----END PGP SIGNATURE----- . Subversion clients and servers, versions 1.6.0 - 1.6.3 and all versions < 1.5.7, are vulnerable to several heap overflow problems which may lead to remote code execution. The official advisory (mirrored at http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt) follows:
Subversion clients and servers up to 1.6.3 (inclusive) have heap overflow issues in the parsing of binary deltas.
Summary:
Subversion clients and servers have multiple heap overflow issues in the parsing of binary deltas. This is related to an allocation vulnerability in the APR library used by Subversion.
Clients with commit access to a vulnerable server can cause a remote heap overflow; servers can cause a heap overflow on vulnerable clients that try to do a checkout or update.
This can lead to a DoS (an exploit has been tested) and to arbitrary code execution (no exploit tested, but the possibility is clear).
Known vulnerable:
Subversion clients and servers <= 1.5.6. Subversion clients and servers 1.6.0 through 1.6.3 (inclusive).
Known fixed:
Subversion 1.6.4 Subversion 1.5.7
(Search for "Patch" below to see the patches from 1.6.3 -> 1.6.4 and 1.5.6 -> 1.5.7. Search for "Recommendations" to get URLs for the 1.6.4 release and associated APR library patch.)
Details:
The libsvn_delta library does not contain sufficient input validation of svndiff streams. If a stream with large windows is processed, one of several integer overflows may lead to some boundary checks incorrectly passing, which in turn can lead to a heap overflow.
Severity:
A remote attacker with commit access to repository may be able to execute code on a Subversion server. A malicious server may be able to execute code on a Subversion client.
Recommendations:
We recommend all users to upgrade to Subversion 1.6.4.
We recommend all users to upgrade to the latest versions of APR and APR-UTIL, or apply the CVE-2009-2412 patch appropriate to their APR installation from http://www.apache.org/dist/apr/patches/.
New Subversion packages can be found at: http://subversion.tigris.org/project_packages.html
References:
CVE-2009-2411 (Subversion) CVE-2009-2412 (APR)
Reported by:
Matt Lewis, Google.
Patches:
This patch applies to Subversion 1.6.x (apply with patch -p0 < patchfile):
[[[ Index: subversion/libsvn_delta/svndiff.c =================================================================== --- subversion/libsvn_delta/svndiff.c (revision 38519) +++ subversion/libsvn_delta/svndiff.c (working copy) @@ -60,10 +60,23 @@ struct encoder_baton { apr_pool_t *pool; };
+/ This is at least as big as the largest size of an integer that + encode_int can generate; it is sufficient for creating buffers for + it to write into. This assumes that integers are at most 64 bits, + and so 10 bytes (with 7 bits of information each) are sufficient to + represent them. / +#define MAX_ENCODED_INT_LEN 10 +/ This is at least as big as the largest size for a single instruction. / +#define MAX_INSTRUCTION_LEN (2MAX_ENCODED_INT_LEN+1) +/ This is at least as big as the largest possible instructions + section: in theory, the instructions could be SVN_DELTA_WINDOW_SIZE + 1-byte copy-from-source instructions (though this is very unlikely). / +#define MAX_INSTRUCTION_SECTION_LEN (SVN_DELTA_WINDOW_SIZEMAX_INSTRUCTION_LEN)
/* Encode VAL into the buffer P using the variable-length svndiff integer format. Return the incremented value of P after the - encoded bytes have been written. + encoded bytes have been written. P must point to a buffer of size + at least MAX_ENCODED_INT_LEN.
This encoding uses the high bit of each byte as a continuation bit
and the other seven bits as data bits. High-order data bits are
@@ -85,7 +98,7 @@ encode_int(char *p, svn_filesize_t val) svn_filesize_t v; unsigned char cont;
- assert(val >= 0);
- SVN_ERR_ASSERT_NO_RETURN(val >= 0);
/ Figure out how many bytes we'll need. / v = val >> 7; @@ -96,6 +109,8 @@ encode_int(char *p, svn_filesize_t val) n++; }
- SVN_ERR_ASSERT_NO_RETURN(n <= MAX_ENCODED_INT_LEN); + / Encode the remaining bytes; n is always the number of bytes coming after the one we're encoding. / while (--n >= 0) @@ -112,7 +127,7 @@ encode_int(char p, svn_filesize_t val) static void append_encoded_int(svn_stringbuf_t header, svn_filesize_t val) {
- char buf[128], *p;
- char buf[MAX_ENCODED_INT_LEN], *p;
p = encode_int(buf, val); svn_stringbuf_appendbytes(header, buf, p - buf); @@ -168,7 +183,7 @@ window_handler(svn_txdelta_window_t window, void svn_stringbuf_t i1 = svn_stringbuf_create("", pool); svn_stringbuf_t header = svn_stringbuf_create("", pool); const svn_string_t newdata; - char ibuf[128], ip; + char ibuf[MAX_INSTRUCTION_LEN], ip; const svn_txdelta_op_t *op; apr_size_t len;
@@ -346,6 +361,8 @@ decode_file_offset(svn_filesize_t val, const unsigned char p, const unsigned char end) { + if (p + MAX_ENCODED_INT_LEN < end) + end = p + MAX_ENCODED_INT_LEN; / Decode bytes until we're done. / val = 0; while (p < end) @@ -365,6 +382,8 @@ decode_size(apr_size_t val, const unsigned char p, const unsigned char end) { + if (p + MAX_ENCODED_INT_LEN < end) + end = p + MAX_ENCODED_INT_LEN; / Decode bytes until we're done. / val = 0; while (p < end) @@ -382,7 +401,7 @@ decode_size(apr_size_t val, data is not compressed. /
static svn_error_t * -zlib_decode(svn_stringbuf_t in, svn_stringbuf_t out) +zlib_decode(svn_stringbuf_t in, svn_stringbuf_t out, apr_size_t limit) { apr_size_t len; char oldplace = in->data; @@ -390,6 +409,13 @@ static svn_error_t * / First thing in the string is the original length. / in->data = (char )decode_size(&len, (unsigned char )in->data, (unsigned char )in->data+in->len); + if (in->data == NULL) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL, + ("Decompression of svndiff data failed: no size")); + if (len > limit) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL, + ("Decompression of svndiff data failed: " + "size too large")); / We need to subtract the size of the encoded original length off the * still remaining input length. / in->len -= (in->data - oldplace); @@ -487,10 +513,10 @@ count_and_verify_instructions(int ninst, return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, ("Invalid diff stream: insn %d cannot be decoded"), n); - else if (op.length <= 0) + else if (op.length == 0) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, - ("Invalid diff stream: insn %d has non-positive length"), n); + _("Invalid diff stream: insn %d has length zero"), n); else if (op.length > tview_len - tpos) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, @@ -499,7 +525,8 @@ count_and_verify_instructions(int ninst, switch (op.action_code) { case svn_txdelta_source: - if (op.length > sview_len - op.offset) + if (op.length > sview_len - op.offset || + op.offset > sview_len) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, _("Invalid diff stream: " @@ -565,11 +592,11 @@ decode_window(svn_txdelta_window_t *window, svn_fi
instin = svn_stringbuf_ncreate((const char *)data, insend - data, pool);
instout = svn_stringbuf_create("", pool);
- SVN_ERR(zlib_decode(instin, instout));
-
SVN_ERR(zlib_decode(instin, instout, MAX_INSTRUCTION_SECTION_LEN));
ndin = svn_stringbuf_ncreate((const char *)insend, newlen, pool); ndout = svn_stringbuf_create("", pool); - SVN_ERR(zlib_decode(ndin, ndout)); + SVN_ERR(zlib_decode(ndin, ndout, SVN_DELTA_WINDOW_SIZE));
newlen = ndout->len; data = (unsigned char )instout->data; @@ -685,6 +712,14 @@ write_handler(void baton, if (p == NULL) return SVN_NO_ERROR;
-
if (tview_len > SVN_DELTA_WINDOW_SIZE ||
- sview_len > SVN_DELTA_WINDOW_SIZE ||
- / for svndiff1, newlen includes the original length /
- newlen > SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN ||
- inslen > MAX_INSTRUCTION_SECTION_LEN)
- return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL,
-
_("Svndiff contains a too-large window")); + / Check for integer overflow. / if (sview_offset < 0 || inslen + newlen < inslen || sview_len + tview_len < sview_len @@ -841,6 +876,14 @@ read_window_header(svn_stream_t *stream, svn_files SVN_ERR(read_one_size(inslen, stream)); SVN_ERR(read_one_size(newlen, stream));
-
if (*tview_len > SVN_DELTA_WINDOW_SIZE ||
- *sview_len > SVN_DELTA_WINDOW_SIZE ||
- / for svndiff1, newlen includes the original length /
- *newlen > SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN ||
- *inslen > MAX_INSTRUCTION_SECTION_LEN)
- return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL,
- _("Svndiff contains a too-large window")); + / Check for integer overflow. / if (sview_offset < 0 || inslen + newlen < inslen || sview_len + tview_len < sview_len Index: subversion/libsvn_delta/text_delta.c =================================================================== --- subversion/libsvn_delta/text_delta.c (revision 38519) +++ subversion/libsvn_delta/text_delta.c (working copy) @@ -548,7 +548,7 @@ svn_txdelta_target_push(svn_txdelta_window_handler / Functions for applying deltas. */
/ Ensure that BUF has enough space for VIEW_LEN bytes. / -static APR_INLINE void +static APR_INLINE svn_error_t * size_buffer(char buf, apr_size_t buf_size, apr_size_t view_len, apr_pool_t pool) { @@ -557,8 +557,11 @@ size_buffer(char buf, apr_size_t buf_size, buf_size = 2; if (buf_size < view_len) buf_size = view_len; + SVN_ERR_ASSERT(APR_ALIGN_DEFAULT(buf_size) >= buf_size); buf = apr_palloc(pool, *buf_size); } + + return SVN_NO_ERROR; }
@@ -659,7 +662,7 @@ apply_window(svn_txdelta_window_t window, void b >= ab->sbuf_offset + ab->sbuf_len)));
/ Make sure there's enough room in the target buffer. / - size_buffer(&ab->tbuf, &ab->tbuf_size, window->tview_len, ab->pool); + SVN_ERR(size_buffer(&ab->tbuf, &ab->tbuf_size, window->tview_len, ab->pool));
/ Prepare the source buffer for reading from the input stream. / if (window->sview_offset != ab->sbuf_offset @@ -668,7 +671,8 @@ apply_window(svn_txdelta_window_t window, void b char *old_sbuf = ab->sbuf;
/* Make sure there's enough room. */
- size_buffer(&ab->sbuf, &ab->sbuf_size, window->sview_len, ab->pool);
- SVN_ERR(size_buffer(&ab->sbuf, &ab->sbuf_size, window->sview_len,
-
ab->pool));
/ If the existing view overlaps with the new view, copy the * overlap to the beginning of the new buffer. / ]]]
This patch applies to Subversion 1.5.x:
[[[ Index: subversion/libsvn_delta/svndiff.c =================================================================== --- subversion/libsvn_delta/svndiff.c (revision 38498) +++ subversion/libsvn_delta/svndiff.c (working copy) @@ -55,10 +55,23 @@ struct encoder_baton { apr_pool_t *pool; };
+/ This is at least as big as the largest size of an integer that + encode_int can generate; it is sufficient for creating buffers for + it to write into. This assumes that integers are at most 64 bits, + and so 10 bytes (with 7 bits of information each) are sufficient to + represent them. / +#define MAX_ENCODED_INT_LEN 10 +/ This is at least as big as the largest size for a single instruction. / +#define MAX_INSTRUCTION_LEN (2MAX_ENCODED_INT_LEN+1) +/ This is at least as big as the largest possible instructions + section: in theory, the instructions could be SVN_DELTA_WINDOW_SIZE + 1-byte copy-from-source instructions (though this is very unlikely). / +#define MAX_INSTRUCTION_SECTION_LEN (SVN_DELTA_WINDOW_SIZEMAX_INSTRUCTION_LEN)
/* Encode VAL into the buffer P using the variable-length svndiff integer format. Return the incremented value of P after the - encoded bytes have been written. + encoded bytes have been written. P must point to a buffer of size + at least MAX_ENCODED_INT_LEN.
This encoding uses the high bit of each byte as a continuation bit
and the other seven bits as data bits. High-order data bits are
@@ -91,6 +104,8 @@ encode_int(char *p, svn_filesize_t val) n++; }
- assert(n <= MAX_ENCODED_INT_LEN); + / Encode the remaining bytes; n is always the number of bytes coming after the one we're encoding. / while (--n >= 0) @@ -107,7 +122,7 @@ encode_int(char p, svn_filesize_t val) static void append_encoded_int(svn_stringbuf_t header, svn_filesize_t val) {
- char buf[128], *p;
- char buf[MAX_ENCODED_INT_LEN], *p;
p = encode_int(buf, val); svn_stringbuf_appendbytes(header, buf, p - buf); @@ -163,7 +178,7 @@ window_handler(svn_txdelta_window_t window, void svn_stringbuf_t i1 = svn_stringbuf_create("", pool); svn_stringbuf_t header = svn_stringbuf_create("", pool); const svn_string_t newdata; - char ibuf[128], ip; + char ibuf[MAX_INSTRUCTION_LEN], ip; const svn_txdelta_op_t *op; apr_size_t len;
@@ -341,6 +356,8 @@ decode_file_offset(svn_filesize_t val, const unsigned char p, const unsigned char end) { + if (p + MAX_ENCODED_INT_LEN < end) + end = p + MAX_ENCODED_INT_LEN; / Decode bytes until we're done. / val = 0; while (p < end) @@ -360,6 +377,8 @@ decode_size(apr_size_t val, const unsigned char p, const unsigned char end) { + if (p + MAX_ENCODED_INT_LEN < end) + end = p + MAX_ENCODED_INT_LEN; / Decode bytes until we're done. / val = 0; while (p < end) @@ -377,7 +396,7 @@ decode_size(apr_size_t val, data is not compressed. /
static svn_error_t * -zlib_decode(svn_stringbuf_t in, svn_stringbuf_t out) +zlib_decode(svn_stringbuf_t in, svn_stringbuf_t out, apr_size_t limit) { apr_size_t len; char oldplace = in->data; @@ -385,6 +404,13 @@ static svn_error_t * / First thing in the string is the original length. / in->data = (char )decode_size(&len, (unsigned char )in->data, (unsigned char )in->data+in->len); + if (in->data == NULL) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL, + ("Decompression of svndiff data failed: no size")); + if (len > limit) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL, + ("Decompression of svndiff data failed: " + "size too large")); / We need to subtract the size of the encoded original length off the * still remaining input length. / in->len -= (in->data - oldplace); @@ -482,10 +508,10 @@ count_and_verify_instructions(int ninst, return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, ("Invalid diff stream: insn %d cannot be decoded"), n); - else if (op.length <= 0) + else if (op.length == 0) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, - ("Invalid diff stream: insn %d has non-positive length"), n); + _("Invalid diff stream: insn %d has length zero"), n); else if (op.length > tview_len - tpos) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, @@ -494,7 +520,8 @@ count_and_verify_instructions(int ninst, switch (op.action_code) { case svn_txdelta_source: - if (op.length > sview_len - op.offset) + if (op.length > sview_len - op.offset || + op.offset > sview_len) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, _("Invalid diff stream: " @@ -560,11 +587,11 @@ decode_window(svn_txdelta_window_t *window, svn_fi
instin = svn_stringbuf_ncreate((const char *)data, insend - data, pool);
instout = svn_stringbuf_create("", pool);
- SVN_ERR(zlib_decode(instin, instout));
-
SVN_ERR(zlib_decode(instin, instout, MAX_INSTRUCTION_SECTION_LEN));
ndin = svn_stringbuf_ncreate((const char *)insend, newlen, pool); ndout = svn_stringbuf_create("", pool); - SVN_ERR(zlib_decode(ndin, ndout)); + SVN_ERR(zlib_decode(ndin, ndout, SVN_DELTA_WINDOW_SIZE));
newlen = ndout->len; data = (unsigned char )instout->data; @@ -680,6 +707,14 @@ write_handler(void baton, if (p == NULL) return SVN_NO_ERROR;
-
if (tview_len > SVN_DELTA_WINDOW_SIZE ||
- sview_len > SVN_DELTA_WINDOW_SIZE ||
- / for svndiff1, newlen includes the original length /
- newlen > SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN ||
- inslen > MAX_INSTRUCTION_SECTION_LEN)
- return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL,
-
_("Svndiff contains a too-large window")); + / Check for integer overflow. / if (sview_offset < 0 || inslen + newlen < inslen || sview_len + tview_len < sview_len @@ -836,6 +871,14 @@ read_window_header(svn_stream_t *stream, svn_files SVN_ERR(read_one_size(inslen, stream)); SVN_ERR(read_one_size(newlen, stream));
-
if (*tview_len > SVN_DELTA_WINDOW_SIZE ||
- *sview_len > SVN_DELTA_WINDOW_SIZE ||
- / for svndiff1, newlen includes the original length /
- *newlen > SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN ||
- *inslen > MAX_INSTRUCTION_SECTION_LEN)
- return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL,
- _("Svndiff contains a too-large window")); + / Check for integer overflow. / if (sview_offset < 0 || inslen + newlen < inslen || sview_len + tview_len < sview_len Index: subversion/libsvn_delta/text_delta.c =================================================================== --- subversion/libsvn_delta/text_delta.c (revision 38498) +++ subversion/libsvn_delta/text_delta.c (working copy) @@ -498,7 +498,7 @@ svn_txdelta_target_push(svn_txdelta_window_handler / Functions for applying deltas. */
/ Ensure that BUF has enough space for VIEW_LEN bytes. / -static APR_INLINE void +static APR_INLINE svn_error_t * size_buffer(char buf, apr_size_t buf_size, apr_size_t view_len, apr_pool_t pool) { @@ -507,8 +507,13 @@ size_buffer(char buf, apr_size_t buf_size, buf_size = 2; if (buf_size < view_len) buf_size = view_len; + if (APR_ALIGN_DEFAULT(buf_size) < buf_size) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_OPS, NULL, + "Diff stream resulted in invalid buffer size."); buf = apr_palloc(pool, *buf_size); } + + return SVN_NO_ERROR; }
@@ -609,7 +614,7 @@ apply_window(svn_txdelta_window_t window, void b >= ab->sbuf_offset + ab->sbuf_len)));
/ Make sure there's enough room in the target buffer. / - size_buffer(&ab->tbuf, &ab->tbuf_size, window->tview_len, ab->pool); + SVN_ERR(size_buffer(&ab->tbuf, &ab->tbuf_size, window->tview_len, ab->pool));
/ Prepare the source buffer for reading from the input stream. / if (window->sview_offset != ab->sbuf_offset @@ -618,7 +623,8 @@ apply_window(svn_txdelta_window_t window, void b char *old_sbuf = ab->sbuf;
/* Make sure there's enough room. */
- size_buffer(&ab->sbuf, &ab->sbuf_size, window->sview_len, ab->pool);
- SVN_ERR(size_buffer(&ab->sbuf, &ab->sbuf_size, window->sview_len,
-
ab->pool));
/ If the existing view overlaps with the new view, copy the * overlap to the beginning of the new buffer. / ]]] . The Apache Portable Runtime Utility Library (aka APR-Util) provides an interface to functionality such as XML parsing, string matching and databases connections.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/apr < 1.3.8 >= 1.3.8 2 dev-libs/apr-util < 1.3.9 >= 1.3.9 ------------------------------------------------------------------- 2 affected packages on all of their supported architectures. -------------------------------------------------------------------
Description
Matt Lewis reported multiple Integer overflows in the apr_rmm_malloc(), apr_rmm_calloc(), and apr_rmm_realloc() functions in misc/apr_rmm.c of APR-Util and in memory/unix/apr_pools.c of APR, both occurring when aligning memory blocks.
Impact
A remote attacker could entice a user to connect to a malicious server with software that uses the APR or act as a malicious client to a server that uses the APR (such as Subversion or Apache servers), possibly resulting in the execution of arbitrary code with the privileges of the user running the application.
Workaround
There is no known workaround at this time.
Resolution
All Apache Portable Runtime users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose =dev-libs/apr-1.3.8
All APR Utility Library users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose =dev-libs/apr-util-1.3.9
References
[ 1 ] CVE-2009-2412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200909-03.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . =========================================================== Ubuntu Security Notice USN-813-2 August 08, 2009 apache2 vulnerability CVE-2009-2412 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: libapr0 2.0.55-4ubuntu2.7
After a standard system upgrade you need to restart any applications using apr, such as Subversion and Apache, to effect the necessary changes.
Details follow:
USN-813-1 fixed vulnerabilities in apr. This update provides the corresponding updates for apr as provided by Apache on Ubuntu 6.06 LTS.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7.diff.gz
Size/MD5: 126010 68da83341313e1b166fe345138d1eaa5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7.dsc
Size/MD5: 1156 0b17c48d0880ab82c769c41d1aff7002
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.7_all.deb
Size/MD5: 2125530 9356b79c2b1591ffec1a6cd1974f82fd
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_amd64.deb
Size/MD5: 833902 08b8aaf66aa52e6fd9dbed1647bb5dd2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_amd64.deb
Size/MD5: 229124 400d32297652e4976456cb7b367cc435
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_amd64.deb
Size/MD5: 224122 07be7749fd618703c9f093efeb5e6fad
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_amd64.deb
Size/MD5: 228700 9c79315063121eb7017cd99c6bb4667c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_amd64.deb
Size/MD5: 172244 e15a994901f09e6e8294d656b8a8254c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_amd64.deb
Size/MD5: 173028 985f0a987b0e5e17b24fdd6f8475781a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_amd64.deb
Size/MD5: 95066 2b836251f30a5c3d0cb24c2775a9b997
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_amd64.deb
Size/MD5: 37096 2756f162320b3b183c7447dad130cff9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_amd64.deb
Size/MD5: 286664 f46d70c05cba04ceaba7d62afe5ac5be
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_amd64.deb
Size/MD5: 145234 e1c285b96d1ee5e8a66d01eadcc289c6
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_i386.deb
Size/MD5: 787150 ab3e75481087dc0148ca3ccc450a1ab1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_i386.deb
Size/MD5: 203722 e10938af36f0e1802fbd3b0946ae6e3c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_i386.deb
Size/MD5: 199634 7ee8d5ba9679c8c7dd78c95b5fb74046
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_i386.deb
Size/MD5: 203146 5456087e20afd24d2a27d648fafeb135
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_i386.deb
Size/MD5: 172228 98a58d9526a667a05573e9b26fcfd45b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_i386.deb
Size/MD5: 173020 1db636c0e79b0ea3c405da958c35c932
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_i386.deb
Size/MD5: 92998 737aee7a7026d4d9b33a0f71b44e0b19
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_i386.deb
Size/MD5: 37098 15db8827569af434025942a84e77b381
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_i386.deb
Size/MD5: 262652 93f2171d69072153264cab51860f781c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_i386.deb
Size/MD5: 133118 cac6f1c804a1e34bf4250be4d8670862
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_powerpc.deb
Size/MD5: 859954 558399d0c5fb22cee0cdc1b20d4d7586
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_powerpc.deb
Size/MD5: 221090 94c5789d3d06b3553d883eca45ab06b7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_powerpc.deb
Size/MD5: 216702 68edfa60eb9de377b20be68e10bd879a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_powerpc.deb
Size/MD5: 220634 8f103f83772eb2e52cd38bb0fb1efbec
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_powerpc.deb
Size/MD5: 172234 559b5683e44f424324d43b09f42c63f6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_powerpc.deb
Size/MD5: 173014 7c05a2f5fe626036ebaa271cece0cd09
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_powerpc.deb
Size/MD5: 104772 63a31e0f30472ebc19a79744b1b1fe03
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_powerpc.deb
Size/MD5: 37098 c00f5d32432f97ac992652ac1bbb7259
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_powerpc.deb
Size/MD5: 282244 1a2c7d7038b335ae2ab6ff68d06a380f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_powerpc.deb
Size/MD5: 142328 169a4ce5fc42eb789c76f46acb07aa00
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_sparc.deb
Size/MD5: 804250 3a780a65322c539717e93a64792acc16
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_sparc.deb
Size/MD5: 211276 e1f45226511664f1759a6ad75aff6155
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_sparc.deb
Size/MD5: 206948 19e2792273d8a4935ef6fcc6ee369326
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_sparc.deb
Size/MD5: 210556 e62136b10dca8c665defa2cc54640e64
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_sparc.deb
Size/MD5: 172232 6e2213cb4b6a5dec1506fe01ce5cc028
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_sparc.deb
Size/MD5: 173010 9603ee752f034d04fd349db168fbe2f2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_sparc.deb
Size/MD5: 94084 c6f6315ff2e1865f409ae49d54e3a233
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_sparc.deb
Size/MD5: 37102 fdb3a44756f9d6e8d36c1b2558420d57
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_sparc.deb
Size/MD5: 268648 03fbe81b3cc1f0ac17961fc5c58a3f5f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_sparc.deb
Size/MD5: 131056 8707670bfb577280d9b5d0689c51608c
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200908-0708",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "apr-util",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.3.8"
},
{
"model": "apr-util",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.3.7"
},
{
"model": "apr-util",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.3.5"
},
{
"model": "apr-util",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.3.4"
},
{
"model": "portable runtime",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "0.9.6"
},
{
"model": "portable runtime",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "0.9.1"
},
{
"model": "apr-util",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "1.3.2"
},
{
"model": "portable runtime",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "0.9.7"
},
{
"model": "portable runtime",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "0.9.7-dev"
},
{
"model": "apr-util",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "1.3.3"
},
{
"model": "apr-util",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.3.6"
},
{
"model": "apr-util",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "0.9.16"
},
{
"model": "portable runtime",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.3.7"
},
{
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.8"
},
{
"model": "apr-util",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.4"
},
{
"model": "apr-util",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.4-dev"
},
{
"model": "apr-util",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.0"
},
{
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.6-dev"
},
{
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.2"
},
{
"model": "apr-util",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.8"
},
{
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.5"
},
{
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.3"
},
{
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.5"
},
{
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.8"
},
{
"model": "apr-util",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.2"
},
{
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.6"
},
{
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.3"
},
{
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.2-dev"
},
{
"model": "apr-util",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.6-dev"
},
{
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.9"
},
{
"model": "apr-util",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.6"
},
{
"model": "apr-util",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.7-dev"
},
{
"model": "apr-util",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.5"
},
{
"model": "apr-util",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.9"
},
{
"model": "apr-util",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.2-dev"
},
{
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.4"
},
{
"model": "apr-util",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.3"
},
{
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.1"
},
{
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.3-dev"
},
{
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.16-dev"
},
{
"model": "apr-util",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.1"
},
{
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.2"
},
{
"model": "apr-util",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.1"
},
{
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.4"
},
{
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.4-dev"
},
{
"model": "apr-util",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.3-dev"
},
{
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.0"
},
{
"model": "http server",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "2.0.64"
},
{
"model": "portable runtime",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "0.9.x"
},
{
"model": "portable runtime",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "1.3.x"
},
{
"model": "apr-util",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "0.9.x"
},
{
"model": "apr-util",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "1.3.x"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "2.0.47.x"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.0.2.39"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.1.0.29"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "7.0.0.7"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.0.2.39"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.1.0.29"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "7.0.0.7"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6.1"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6.1"
},
{
"model": "opensolaris",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86-64)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0 (x86-64)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0 (x86-64)"
},
{
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "2.0"
},
{
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "3.0"
},
{
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "3.0 (x64)"
},
{
"model": "turbolinux client",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "2008"
},
{
"model": "turbolinux fuji",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "( extended maintenance )"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "10"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "10 (x64)"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "11"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "11 (x64)"
},
{
"model": "interscan messaging security suite",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "7.x"
},
{
"model": "interscan messaging security virtual appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "7.0"
},
{
"model": "trendmicro interscan messaging security appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "7.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (ws)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (ws)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (server)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.0 (client)"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.3.z (server)"
},
{
"model": "rhel desktop workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (client)"
},
{
"model": "interstage application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage studio",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage web server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"model": "linux enterprise server debuginfo",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux enterprise server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux enterprise sdk sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux enterprise sdk sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux enterprise desktop sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux enterprise desktop sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise sp3 debuginfo",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux enterprise sp2 debuginfo",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "solaris 10 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris 10 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 99",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 98",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 96",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 95",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 94",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 93",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 92",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 91",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 90",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 89",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 88",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 87",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 85",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 84",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 83",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 82",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 81",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 80",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 78",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 77",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 76",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 74",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 71",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 68",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 67",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 64",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 61",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 59",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 58",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 57",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 56",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 54",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 51",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 50",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 49",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 48",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 47",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 45",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 41",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 39",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 38",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 37",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 36",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 35",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 29",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 28",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 22",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 19",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 13",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 121",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 120",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 119",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 118",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 117",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 116",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 115",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 114",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 113",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 112",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 111a",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 111",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 110",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 109",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 108",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 107",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 106",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 105",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 104",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 103",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 102",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 101a",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 101",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 100",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 02",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 01",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 111b",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "11.0"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.1"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.0"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.3"
},
{
"model": "open-enterprise-server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "0"
},
{
"model": "novell linux pos",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9"
},
{
"model": "novell linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "1"
},
{
"model": "jboss enterprise web server el4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "0"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "enterprise linux eus 5.3.z server",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "enterprise linux es 4.8.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux as 4.8.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "certificate server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20090"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20080"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.1"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.1"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.1"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.1"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"model": "multi network firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "2.0"
},
{
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.47.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.47"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "interstage studio enterprise edition b",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1.0"
},
{
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.3.1"
},
{
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"model": "interstage application server standard-j edition b",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "interstage application server standard-j edition a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "interstage application server standard-j edition 9.1.0b",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"model": "interstage application server enterprise edition a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "interstage application server enterprise edition 9.1.0b",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.2.2.5"
},
{
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.2.2.4"
},
{
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.5"
},
{
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.4"
},
{
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "apr-util",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.9.17"
},
{
"model": "apr-util",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.9.7"
},
{
"model": "portable runtime",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.9.18"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.12"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.11"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.10"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.9"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.8"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.6"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.5"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.4"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.3"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2"
},
{
"model": "2.2.7-dev",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "2.2.6-dev",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "2.2.5-dev",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.1"
},
{
"model": "opensolaris build snv 122",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "coat systems director",
"scope": "ne",
"trust": 0.3,
"vendor": "blue",
"version": "5.5.2.3"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
}
],
"sources": [
{
"db": "BID",
"id": "35949"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002016"
},
{
"db": "CNNVD",
"id": "CNNVD-200908-530"
},
{
"db": "NVD",
"id": "CVE-2009-2412"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:1.3.6-dev:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.3.6-dev:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:1.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.2-dev:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:1.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.7-dev:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.16-dev:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:1.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.7-dev:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.3-dev:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.3.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:1.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:1.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:1.3.4-dev:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.2-dev:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:1.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.3-dev:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.3.4-dev:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:1.3.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-2412"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matt Lewis\u203b mattlewis@google.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200908-530"
}
],
"trust": 0.6
},
"cve": "CVE-2009-2412",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2009-2412",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-2412",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200908-530",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002016"
},
{
"db": "CNNVD",
"id": "CNNVD-200908-530"
},
{
"db": "NVD",
"id": "CVE-2009-2412"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information. Apache APR (Apache Portable Runtime) and \u0027APR-util\u0027 are prone to multiple integer-overflow vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code in the context of an application that uses the affected library. Successful exploits will compromise the affected application and possibly the computer. Failed attacks will cause denial-of-service conditions. \n \n This update provides fixes for these vulnerabilities. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2008.1:\n bd5757bce0a8299edcf7dcc3e2980964 2008.1/i586/apr-util-dbd-mysql-1.2.12-4.2mdv2008.1.i586.rpm\n 50ba5cc45e1f72e8219addc0df369ca4 2008.1/i586/apr-util-dbd-pgsql-1.2.12-4.2mdv2008.1.i586.rpm\n 1cb0f643e4084741afefb8d25d975062 2008.1/i586/apr-util-dbd-sqlite3-1.2.12-4.2mdv2008.1.i586.rpm\n 23990e6d23f02addecd2d3dcd7d68baf 2008.1/i586/libapr1-1.2.12-3.1mdv2008.1.i586.rpm\n 002cebd9b1e101cc487490fb5e1de4b9 2008.1/i586/libapr-devel-1.2.12-3.1mdv2008.1.i586.rpm\n 178584e4fee60428188b4f8be39e8b22 2008.1/i586/libapr-util1-1.2.12-4.2mdv2008.1.i586.rpm\n d718e18960ee01edbfc9cf99cb335604 2008.1/i586/libapr-util-devel-1.2.12-4.2mdv2008.1.i586.rpm \n bf792d204211369b8c63051f1360fd97 2008.1/SRPMS/apr-1.2.12-3.1mdv2008.1.src.rpm\n dcbd01ea287e6d8efc276dfa074c3930 2008.1/SRPMS/apr-util-1.2.12-4.2mdv2008.1.src.rpm\n\n Mandriva Linux 2008.1/X86_64:\n 6a9a81c520c8e30b5f8fbbe54d185dff 2008.1/x86_64/apr-util-dbd-mysql-1.2.12-4.2mdv2008.1.x86_64.rpm\n cc9d7917d41f5ca317d2942c2d14c859 2008.1/x86_64/apr-util-dbd-pgsql-1.2.12-4.2mdv2008.1.x86_64.rpm\n 016e48025c0fec50db868ba23d20140e 2008.1/x86_64/apr-util-dbd-sqlite3-1.2.12-4.2mdv2008.1.x86_64.rpm\n 6ee3859a30eab3399275b29356df5727 2008.1/x86_64/lib64apr1-1.2.12-3.1mdv2008.1.x86_64.rpm\n 766f74618ab9532eef5ab40f94112579 2008.1/x86_64/lib64apr-devel-1.2.12-3.1mdv2008.1.x86_64.rpm\n 6e57aa1381b9af730eec5f313f8d5d79 2008.1/x86_64/lib64apr-util1-1.2.12-4.2mdv2008.1.x86_64.rpm\n 6fda7ebf5640ad5ad9ba0d2d1169dbc9 2008.1/x86_64/lib64apr-util-devel-1.2.12-4.2mdv2008.1.x86_64.rpm \n bf792d204211369b8c63051f1360fd97 2008.1/SRPMS/apr-1.2.12-3.1mdv2008.1.src.rpm\n dcbd01ea287e6d8efc276dfa074c3930 2008.1/SRPMS/apr-util-1.2.12-4.2mdv2008.1.src.rpm\n\n Mandriva Linux 2009.0:\n 89786c5904cee8d22c5140528d412a1c 2009.0/i586/apr-util-dbd-freetds-1.3.4-2.2mdv2009.0.i586.rpm\n 19df90719d15def384b7aec1efc5dcd8 2009.0/i586/apr-util-dbd-ldap-1.3.4-2.2mdv2009.0.i586.rpm\n e164acf4668fd239f2801698e3dc9aa4 2009.0/i586/apr-util-dbd-mysql-1.3.4-2.2mdv2009.0.i586.rpm\n 70f55ca514ef15778001082f3c51a9fd 2009.0/i586/apr-util-dbd-odbc-1.3.4-2.2mdv2009.0.i586.rpm\n 85135d9490be22fc56a897cf9d5fba7e 2009.0/i586/apr-util-dbd-pgsql-1.3.4-2.2mdv2009.0.i586.rpm\n 424d3a8896bc70503a69dc8c4d9882a9 2009.0/i586/apr-util-dbd-sqlite3-1.3.4-2.2mdv2009.0.i586.rpm\n 586edd704499f119527638f0f1913614 2009.0/i586/libapr1-1.3.3-2.1mdv2009.0.i586.rpm\n f5065323fca63075434ce1eb850e3c01 2009.0/i586/libapr-devel-1.3.3-2.1mdv2009.0.i586.rpm\n 4aba7262b561a1d67187c799cd06a138 2009.0/i586/libapr-util1-1.3.4-2.2mdv2009.0.i586.rpm\n a125fa8529bd8dd79ada83747c23f9d4 2009.0/i586/libapr-util-devel-1.3.4-2.2mdv2009.0.i586.rpm \n 23e454eea7e368502047b85976d1ef88 2009.0/SRPMS/apr-1.3.3-2.1mdv2009.0.src.rpm\n 162271ed051fa5de81a973e5adc487dc 2009.0/SRPMS/apr-util-1.3.4-2.2mdv2009.0.src.rpm\n\n Mandriva Linux 2009.0/X86_64:\n 667ffab851dd6babd31700a5d9c113a7 2009.0/x86_64/apr-util-dbd-freetds-1.3.4-2.2mdv2009.0.x86_64.rpm\n 08089224bb9da997752624d85c229251 2009.0/x86_64/apr-util-dbd-ldap-1.3.4-2.2mdv2009.0.x86_64.rpm\n 7ce1a16bc3e35fc4a3dcb8a1e148c05b 2009.0/x86_64/apr-util-dbd-mysql-1.3.4-2.2mdv2009.0.x86_64.rpm\n 075dbc136d3110952d54f9a85761c1b6 2009.0/x86_64/apr-util-dbd-odbc-1.3.4-2.2mdv2009.0.x86_64.rpm\n 90edf3ec758ed79a7973a36141ddc295 2009.0/x86_64/apr-util-dbd-pgsql-1.3.4-2.2mdv2009.0.x86_64.rpm\n f15ee7ff2b203c436eab2d7e4c118a1d 2009.0/x86_64/apr-util-dbd-sqlite3-1.3.4-2.2mdv2009.0.x86_64.rpm\n 2b0529a353e38a0eda5f8d08ecf95554 2009.0/x86_64/lib64apr1-1.3.3-2.1mdv2009.0.x86_64.rpm\n 524773745dfeb06cd86e7149723c6cbe 2009.0/x86_64/lib64apr-devel-1.3.3-2.1mdv2009.0.x86_64.rpm\n 3e7bc1d3e713ba5893c34215ee93f932 2009.0/x86_64/lib64apr-util1-1.3.4-2.2mdv2009.0.x86_64.rpm\n 44be6021b3db277a5993f488b02074db 2009.0/x86_64/lib64apr-util-devel-1.3.4-2.2mdv2009.0.x86_64.rpm \n 23e454eea7e368502047b85976d1ef88 2009.0/SRPMS/apr-1.3.3-2.1mdv2009.0.src.rpm\n 162271ed051fa5de81a973e5adc487dc 2009.0/SRPMS/apr-util-1.3.4-2.2mdv2009.0.src.rpm\n\n Mandriva Linux 2009.1:\n 0b3427fcb40fcd8e068eb81e8de67685 2009.1/i586/apr-util-dbd-freetds-1.3.4-9.2mdv2009.1.i586.rpm\n 77e215797fc02c290e59ce072a36fffc 2009.1/i586/apr-util-dbd-ldap-1.3.4-9.2mdv2009.1.i586.rpm\n 05d1106df36459a7a40ecb11d5560c61 2009.1/i586/apr-util-dbd-mysql-1.3.4-9.2mdv2009.1.i586.rpm\n 97adcfda40750873588942a9ab0e5e3c 2009.1/i586/apr-util-dbd-odbc-1.3.4-9.2mdv2009.1.i586.rpm\n 1b9379f8d6ec49908d43d4228ecbee66 2009.1/i586/apr-util-dbd-pgsql-1.3.4-9.2mdv2009.1.i586.rpm\n a5e5bb25d2e370e22f274482afe74fd8 2009.1/i586/apr-util-dbd-sqlite3-1.3.4-9.2mdv2009.1.i586.rpm\n 1f907eab0d93dd413086f0943988284c 2009.1/i586/libapr1-1.3.3-5.1mdv2009.1.i586.rpm\n a6992c671c7352c2965f46abced93b8a 2009.1/i586/libapr-devel-1.3.3-5.1mdv2009.1.i586.rpm\n e748ca10352eaa46ef2514ce8718674b 2009.1/i586/libapr-util1-1.3.4-9.2mdv2009.1.i586.rpm\n 73afb8eabe81ae8be63f1ba9d8fc3bf2 2009.1/i586/libapr-util-devel-1.3.4-9.2mdv2009.1.i586.rpm \n 1a1706c01c2668a058a54c06d6e5aac6 2009.1/SRPMS/apr-1.3.3-5.1mdv2009.1.src.rpm\n 241d8b7b1261089d299f9b8463f391a7 2009.1/SRPMS/apr-util-1.3.4-9.2mdv2009.1.src.rpm\n\n Mandriva Linux 2009.1/X86_64:\n f0b10ee44c9092605ad1137a46e4955c 2009.1/x86_64/apr-util-dbd-freetds-1.3.4-9.2mdv2009.1.x86_64.rpm\n 98247a74314a56b6f4097a9943e236c0 2009.1/x86_64/apr-util-dbd-ldap-1.3.4-9.2mdv2009.1.x86_64.rpm\n 2e0d895eb1b93c2518436ab4c678da23 2009.1/x86_64/apr-util-dbd-mysql-1.3.4-9.2mdv2009.1.x86_64.rpm\n 8269586d2608f6e79eff11de7bda333e 2009.1/x86_64/apr-util-dbd-odbc-1.3.4-9.2mdv2009.1.x86_64.rpm\n 489b31861a5fabd272348ca224e4d9b4 2009.1/x86_64/apr-util-dbd-pgsql-1.3.4-9.2mdv2009.1.x86_64.rpm\n b1164ff6f2e06bfcada083e9d11c1595 2009.1/x86_64/apr-util-dbd-sqlite3-1.3.4-9.2mdv2009.1.x86_64.rpm\n 257e2b240479fb7c472efa7de7ee11c8 2009.1/x86_64/lib64apr1-1.3.3-5.1mdv2009.1.x86_64.rpm\n 222f5f44d9600dcf593923ea6422d47e 2009.1/x86_64/lib64apr-devel-1.3.3-5.1mdv2009.1.x86_64.rpm\n 99ef537b486eccad55d8f0d79f37abbd 2009.1/x86_64/lib64apr-util1-1.3.4-9.2mdv2009.1.x86_64.rpm\n 9d9e0933f57289530059e5a9b3e42e1c 2009.1/x86_64/lib64apr-util-devel-1.3.4-9.2mdv2009.1.x86_64.rpm \n 1a1706c01c2668a058a54c06d6e5aac6 2009.1/SRPMS/apr-1.3.3-5.1mdv2009.1.src.rpm\n 241d8b7b1261089d299f9b8463f391a7 2009.1/SRPMS/apr-util-1.3.4-9.2mdv2009.1.src.rpm\n\n Corporate 3.0:\n 39d0747e39f45148c8540e76a272f219 corporate/3.0/i586/apache2-2.0.48-6.22.C30mdk.i586.rpm\n 9c7677568ec7e3fab84ed224af029d6a corporate/3.0/i586/apache2-common-2.0.48-6.22.C30mdk.i586.rpm\n 9f60f68aa326aaaa02cb6e9346ac0b7b corporate/3.0/i586/apache2-devel-2.0.48-6.22.C30mdk.i586.rpm\n a9051117cf2a34ed7cf9066e31d1767f corporate/3.0/i586/apache2-manual-2.0.48-6.22.C30mdk.i586.rpm\n ddc2cafb1a02ee501e5127a8731ea942 corporate/3.0/i586/apache2-mod_cache-2.0.48-6.22.C30mdk.i586.rpm\n f3bbd229b347489f40b81419214c42bd corporate/3.0/i586/apache2-mod_dav-2.0.48-6.22.C30mdk.i586.rpm\n cd19b116ef93c07f78efbe4393d2e3be corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.22.C30mdk.i586.rpm\n 5a2da72b9255a8c35f0ed877899f90eb corporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.22.C30mdk.i586.rpm\n e940b8e3b2da880bca84ebc9f528b2e6 corporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.22.C30mdk.i586.rpm\n 5d713bee1985cc49c585b4289ee76f1e corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.22.C30mdk.i586.rpm\n f293fbf344f6fc55e92170518a710149 corporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.22.C30mdk.i586.rpm\n f4c48499cb6968a12a5250e3464a2b30 corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.22.C30mdk.i586.rpm\n 997ea437e49903a014de32e61573de7a corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.22.C30mdk.i586.rpm\n fe5f16a62fc94177286445e9830cb6a6 corporate/3.0/i586/apache2-modules-2.0.48-6.22.C30mdk.i586.rpm\n 4eb89be3edc9f7dd0511e22d64baefe2 corporate/3.0/i586/apache2-source-2.0.48-6.22.C30mdk.i586.rpm\n 64be98dcd021367f603e972cc40d6710 corporate/3.0/i586/libapr0-2.0.48-6.22.C30mdk.i586.rpm \n 5c5a7cb9305c8b0d469fc424931ae215 corporate/3.0/SRPMS/apache2-2.0.48-6.22.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n c84b780216da90735018f37b8d606ad9 corporate/3.0/x86_64/apache2-2.0.48-6.22.C30mdk.x86_64.rpm\n 079ef7c187ea63bdfdb7b2f8e0c7ed85 corporate/3.0/x86_64/apache2-common-2.0.48-6.22.C30mdk.x86_64.rpm\n 78d8764d894dcf4821e3014b3bf0a1c2 corporate/3.0/x86_64/apache2-devel-2.0.48-6.22.C30mdk.x86_64.rpm\n e938351292eaf95bad5937066e071f6e corporate/3.0/x86_64/apache2-manual-2.0.48-6.22.C30mdk.x86_64.rpm\n b7b0c47891c1da19b9bfedd5eaeb5a12 corporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.22.C30mdk.x86_64.rpm\n 14603191e70ea26450ad9f5254f1eff8 corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.22.C30mdk.x86_64.rpm\n f49c1f32bfa9b325836e28f7078d3897 corporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.22.C30mdk.x86_64.rpm\n 0d8058c7d57105b18e97579817872d95 corporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.22.C30mdk.x86_64.rpm\n 09b7bdc4907e672ee9b83a9f0ed2fb13 corporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.22.C30mdk.x86_64.rpm\n 90a9565c923530b22f4141d2a186972b corporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.22.C30mdk.x86_64.rpm\n 0f244810519460074938138d87a11997 corporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.22.C30mdk.x86_64.rpm\n 0836106477de3d26f4c31a595c996cdc corporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.22.C30mdk.x86_64.rpm\n 353d05dfc30072a39f3597c39454f331 corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.22.C30mdk.x86_64.rpm\n 1234e8bf94a4ddf65cf225aaf4367937 corporate/3.0/x86_64/apache2-modules-2.0.48-6.22.C30mdk.x86_64.rpm\n fbb25973021e327262cc152fd46996cc corporate/3.0/x86_64/apache2-source-2.0.48-6.22.C30mdk.x86_64.rpm\n 0520ca7c45963a2e2e26d8e3b5f63c41 corporate/3.0/x86_64/lib64apr0-2.0.48-6.22.C30mdk.x86_64.rpm \n 5c5a7cb9305c8b0d469fc424931ae215 corporate/3.0/SRPMS/apache2-2.0.48-6.22.C30mdk.src.rpm\n\n Corporate 4.0:\n 59bb8b01944e22319fcd4a0202bdffd9 corporate/4.0/i586/apr-util-dbd-mysql-1.2.7-6.2.20060mlcs4.i586.rpm\n 75fc1a2cbde6e0426f3f59cfd099b3b1 corporate/4.0/i586/apr-util-dbd-pgsql-1.2.7-6.2.20060mlcs4.i586.rpm\n 73cbae192430eca396ba79f548437cc1 corporate/4.0/i586/apr-util-dbd-sqlite3-1.2.7-6.2.20060mlcs4.i586.rpm\n 09726634b12dc2afc37d292853cfb28c corporate/4.0/i586/libapr1-1.2.7-1.1.20060mlcs4.i586.rpm\n cbfbe3652be9a6986f5f672034b84dc0 corporate/4.0/i586/libapr1-devel-1.2.7-1.1.20060mlcs4.i586.rpm\n 0733be6b968d4cbcce3494afe962ea12 corporate/4.0/i586/libapr-util1-1.2.7-6.2.20060mlcs4.i586.rpm\n 725117e7948c43a6fb72f51966d6dd79 corporate/4.0/i586/libapr-util1-devel-1.2.7-6.2.20060mlcs4.i586.rpm \n 4003af7f60b2b13d6f77a05ebe9dfb22 corporate/4.0/SRPMS/apr-1.2.7-1.1.20060mlcs4.src.rpm\n e74d2bc186c01528afbbf64f7491f221 corporate/4.0/SRPMS/apr-util-1.2.7-6.2.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 09e54e8fb5df6737dc1b00440d31d5c7 corporate/4.0/x86_64/apr-util-dbd-mysql-1.2.7-6.2.20060mlcs4.x86_64.rpm\n 766214b9f0df47776db7bea60f97298f corporate/4.0/x86_64/apr-util-dbd-pgsql-1.2.7-6.2.20060mlcs4.x86_64.rpm\n 22cb8925b104be9d571cf592a29064c3 corporate/4.0/x86_64/apr-util-dbd-sqlite3-1.2.7-6.2.20060mlcs4.x86_64.rpm\n 0fb8d44ea77b337e4026e72ed4000bf8 corporate/4.0/x86_64/lib64apr1-1.2.7-1.1.20060mlcs4.x86_64.rpm\n ba0345c32bfe4376621334e36a62a1c0 corporate/4.0/x86_64/lib64apr1-devel-1.2.7-1.1.20060mlcs4.x86_64.rpm\n cbd9beef22028ade9ecf3d172c710ff1 corporate/4.0/x86_64/lib64apr-util1-1.2.7-6.2.20060mlcs4.x86_64.rpm\n 5247ff1b281c9fa95ad547996f3bbb17 corporate/4.0/x86_64/lib64apr-util1-devel-1.2.7-6.2.20060mlcs4.x86_64.rpm \n 4003af7f60b2b13d6f77a05ebe9dfb22 corporate/4.0/SRPMS/apr-1.2.7-1.1.20060mlcs4.src.rpm\n e74d2bc186c01528afbbf64f7491f221 corporate/4.0/SRPMS/apr-util-1.2.7-6.2.20060mlcs4.src.rpm\n\n Mandriva Enterprise Server 5:\n fe7bd17a4b8499027179f5f421fce92d mes5/i586/libapr1-1.3.3-2.1mdvmes5.i586.rpm\n ce82a19e9423f69bc380fc32e0e96a9d mes5/i586/libapr-devel-1.3.3-2.1mdvmes5.i586.rpm \n 01004428f12cd78529ac43a546976121 mes5/SRPMS/apr-1.3.3-2.1mdvmes5.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n 744cad17495d753e07fed748ccab4c46 mes5/x86_64/apr-util-dbd-freetds-1.3.4-2.2mdvmes5.x86_64.rpm\n 4c70155fb19f486a19f048455e41e480 mes5/x86_64/apr-util-dbd-ldap-1.3.4-2.2mdvmes5.x86_64.rpm\n 278c7292a0432e0d6760639667ec6858 mes5/x86_64/apr-util-dbd-mysql-1.3.4-2.2mdvmes5.x86_64.rpm\n 0358fea0177405ccd625304c83715992 mes5/x86_64/apr-util-dbd-odbc-1.3.4-2.2mdvmes5.x86_64.rpm\n a549b591b27f810ba898e75030f61398 mes5/x86_64/apr-util-dbd-pgsql-1.3.4-2.2mdvmes5.x86_64.rpm\n fb02a789f8ec6081f01df92768cda441 mes5/x86_64/apr-util-dbd-sqlite3-1.3.4-2.2mdvmes5.x86_64.rpm\n 4dbc88f0779d110f589ee60d7708e1e0 mes5/x86_64/lib64apr1-1.3.3-2.1mdvmes5.x86_64.rpm\n d591c7684cfd0d6a9a5ae749a3120f58 mes5/x86_64/lib64apr-devel-1.3.3-2.1mdvmes5.x86_64.rpm\n 6b946eebc0ff697faad4364beae260f8 mes5/x86_64/lib64apr-util1-1.3.4-2.2mdvmes5.x86_64.rpm\n 5c1f8dd8c2fcb0eb68bd1e24a25d1e22 mes5/x86_64/lib64apr-util-devel-1.3.4-2.2mdvmes5.x86_64.rpm \n 01004428f12cd78529ac43a546976121 mes5/SRPMS/apr-1.3.3-2.1mdvmes5.src.rpm\n\n Multi Network Firewall 2.0:\n 39d0747e39f45148c8540e76a272f219 mnf/2.0/i586/apache2-2.0.48-6.22.C30mdk.i586.rpm\n 9c7677568ec7e3fab84ed224af029d6a mnf/2.0/i586/apache2-common-2.0.48-6.22.C30mdk.i586.rpm\n 9f60f68aa326aaaa02cb6e9346ac0b7b mnf/2.0/i586/apache2-devel-2.0.48-6.22.C30mdk.i586.rpm\n a9051117cf2a34ed7cf9066e31d1767f mnf/2.0/i586/apache2-manual-2.0.48-6.22.C30mdk.i586.rpm\n ddc2cafb1a02ee501e5127a8731ea942 mnf/2.0/i586/apache2-mod_cache-2.0.48-6.22.C30mdk.i586.rpm\n f3bbd229b347489f40b81419214c42bd mnf/2.0/i586/apache2-mod_dav-2.0.48-6.22.C30mdk.i586.rpm\n cd19b116ef93c07f78efbe4393d2e3be mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.22.C30mdk.i586.rpm\n 5a2da72b9255a8c35f0ed877899f90eb mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.22.C30mdk.i586.rpm\n e940b8e3b2da880bca84ebc9f528b2e6 mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.22.C30mdk.i586.rpm\n 5d713bee1985cc49c585b4289ee76f1e mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.22.C30mdk.i586.rpm\n f293fbf344f6fc55e92170518a710149 mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.22.C30mdk.i586.rpm\n f4c48499cb6968a12a5250e3464a2b30 mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.22.C30mdk.i586.rpm\n 997ea437e49903a014de32e61573de7a mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.22.C30mdk.i586.rpm\n fe5f16a62fc94177286445e9830cb6a6 mnf/2.0/i586/apache2-modules-2.0.48-6.22.C30mdk.i586.rpm\n 4eb89be3edc9f7dd0511e22d64baefe2 mnf/2.0/i586/apache2-source-2.0.48-6.22.C30mdk.i586.rpm\n 64be98dcd021367f603e972cc40d6710 mnf/2.0/i586/libapr0-2.0.48-6.22.C30mdk.i586.rpm \n 5c5a7cb9305c8b0d469fc424931ae215 mnf/2.0/SRPMS/apache2-2.0.48-6.22.C30mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFKesC1mqjQ0CJFipgRAvjJAJ9/hkPV+kb4tO2KHfjb2m+3nV+9+gCfQHvt\nuej6FdYjm8TitsZAK4BFOis=\n=IDO9\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1854-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nAugust 08, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : apr, apr-util\nVulnerability : heap buffer overflow\nDebian-specific: no\nCVE Id(s) : CVE-2009-2412\n\nMatt Lewis discovered that the memory management code in the Apache\nPortable Runtime (APR) library does not guard against a wrap-around\nduring size computations. This could cause the library to return a\nmemory area which smaller than requested, resulting a heap overflow\nand possibly arbitrary code execution. \n\nFor the old stable distribution (etch), this problem has been fixed in\nversion 1.2.7-9 of the apr package, and version 1.2.7+dfsg-2+etch3 of\nthe apr-util package. \n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.2.12-5+lenny1 of the apr package and version 1.2.12-5+lenny1\nof the apr-util package. \n\nFor the unstable distribution (sid), this problem will be fixed soon. \n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.7+dfsg.orig.tar.gz\n Size/MD5 checksum: 643328 a3117be657f99e92316be40add59b9ff\n http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.7+dfsg-2+etch3.dsc\n Size/MD5 checksum: 1036 9dc256c005a7f544c4d5c410b226fb74\n http://security.debian.org/pool/updates/main/a/apr/apr_1.2.7-9.diff.gz\n Size/MD5 checksum: 26613 021ef3aa5b3a9fc021779a0b6a6a4ec9\n http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.7+dfsg-2+etch3.diff.gz\n Size/MD5 checksum: 21651 e090ebfd7174c90bae4e4935a3d3db15\n http://security.debian.org/pool/updates/main/a/apr/apr_1.2.7.orig.tar.gz\n Size/MD5 checksum: 1102370 aea926cbe588f844ad9e317157d60175\n http://security.debian.org/pool/updates/main/a/apr/apr_1.2.7-9.dsc\n Size/MD5 checksum: 856 89662625fd7a34ceb514087de869d918\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_alpha.deb\n Size/MD5 checksum: 121726 df1e2d6e8bf9ed485ad417fe274eb0e3\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_alpha.deb\n Size/MD5 checksum: 83690 b5873275f420b15f9868ea0dde699c60\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_alpha.deb\n Size/MD5 checksum: 371668 4e8bd42151f3cdf8cee91c49599aab42\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_alpha.deb\n Size/MD5 checksum: 129158 5074639b4b0d9877ff29b96540fdfaec\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_alpha.deb\n Size/MD5 checksum: 185420 ddf84849ff3bee792dc187c6d21958bd\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_alpha.deb\n Size/MD5 checksum: 148140 079cff06535a7e3f4e9a5d682d80bb1b\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_amd64.deb\n Size/MD5 checksum: 72946 6b11e4b65bdf67981a091177d9644007\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_amd64.deb\n Size/MD5 checksum: 126156 b420f555d02504e0497a0ba3c27e0cac\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_amd64.deb\n Size/MD5 checksum: 127742 1606857f3291ccb10e038219f1f2eab3\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_amd64.deb\n Size/MD5 checksum: 187302 bb1a4aa5768fa012201ad1e72bc27e93\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_amd64.deb\n Size/MD5 checksum: 348120 b5d6b4e7c628dffe867159b54b6c82f1\n http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_amd64.deb\n Size/MD5 checksum: 111664 6b51dc29ea4defa975902d246188086f\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_arm.deb\n Size/MD5 checksum: 121504 3ba789c274f2ed7030aa286ea57dbb3d\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_arm.deb\n Size/MD5 checksum: 175146 86ff258e9181fa424cb043dc22e2c0e0\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_arm.deb\n Size/MD5 checksum: 117302 97d701c8f9d6746eb14448bfde8e8588\n http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_arm.deb\n Size/MD5 checksum: 104934 45a976662beb7ec3b15ee7c7a45f3de7\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_arm.deb\n Size/MD5 checksum: 66110 09c54142359236f50654bd9c7b375781\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_arm.deb\n Size/MD5 checksum: 335520 14d06ecfb54247718b780c893df8f4cc\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_hppa.deb\n Size/MD5 checksum: 126186 9494353aa42e983a245af2890dd2c6d7\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_hppa.deb\n Size/MD5 checksum: 78668 60c87b0e86c1ed31deecddd88cdf5fa5\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_hppa.deb\n Size/MD5 checksum: 133918 ae993c733053a326603c5b750505bee9\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_i386.deb\n Size/MD5 checksum: 116052 6238f10eb5077bb53b9664b82b985c40\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_i386.deb\n Size/MD5 checksum: 338694 262cec472ec3aaeb1b4d38eebaa940c8\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_i386.deb\n Size/MD5 checksum: 68854 78ab4f6425153d8b746b99842994d555\n http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_i386.deb\n Size/MD5 checksum: 109138 4aa254cacd4e95785ae823cedb1cce2f\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_i386.deb\n Size/MD5 checksum: 122136 4a16475bb5780625902c79069681ae74\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_i386.deb\n Size/MD5 checksum: 180654 481471d06045a2e348b55de6dbdf5f94\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_ia64.deb\n Size/MD5 checksum: 156562 52761fff3e82e21728e0c6a79bf4508f\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_ia64.deb\n Size/MD5 checksum: 99446 3ad58d882e434e39be525e7aa41d9e93\n http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_ia64.deb\n Size/MD5 checksum: 141894 5b7351a6b4c3765e3d76b9d22e04cf0e\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_ia64.deb\n Size/MD5 checksum: 118716 8c73712293cd4d9a5935aefd18a3e4c9\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_ia64.deb\n Size/MD5 checksum: 171514 f474001e4f852a44af517b5d6f737a65\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_ia64.deb\n Size/MD5 checksum: 385514 76d0bbda16c749f6a5b40fd6297a180a\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_mips.deb\n Size/MD5 checksum: 188816 de1ecb467042d2c1891cc1d2f5db83d9\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_mips.deb\n Size/MD5 checksum: 130394 fc34d9b137c080b63374d809c1d6bf8b\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_mips.deb\n Size/MD5 checksum: 130492 4d7cdffabbef214eeea0c02a346d0eb8\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_mips.deb\n Size/MD5 checksum: 70776 6fe66f5cb81c2a3af2fa0cd64a85cfd8\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_mips.deb\n Size/MD5 checksum: 357368 aab08f1596aead97cc48924ebf99c80e\n http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_mips.deb\n Size/MD5 checksum: 112644 9c6d720999259453daaa13e8ec3c8336\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_mipsel.deb\n Size/MD5 checksum: 186464 5b2392a143ff8a173a771b819377ab47\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_mipsel.deb\n Size/MD5 checksum: 128052 02e3c278190e92d7131c275aab5f5c44\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_mipsel.deb\n Size/MD5 checksum: 358010 480087a77642a8ff99a32bb323b62600\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_mipsel.deb\n Size/MD5 checksum: 130712 50da703a75deb2ba87d4be171e80bd5b\n http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_mipsel.deb\n Size/MD5 checksum: 113352 d363370bcba834268202db5271b20aa3\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_mipsel.deb\n Size/MD5 checksum: 70794 1f57c4362c286bd0d2df40d775690612\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_powerpc.deb\n Size/MD5 checksum: 125106 92d5d46effd18aaa8e849254d9da8acd\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_powerpc.deb\n Size/MD5 checksum: 348504 2f4f96652c28e3f5f1cfae8e5265ec83\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_powerpc.deb\n Size/MD5 checksum: 130380 dacdce767bcff6b0ecbe66add6838e8b\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_powerpc.deb\n Size/MD5 checksum: 189780 ae1e23e3080fbfe3ba26b8acf9561d6c\n http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_powerpc.deb\n Size/MD5 checksum: 113956 1e2ba4da9ee0775325b351887c182f52\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_powerpc.deb\n Size/MD5 checksum: 72472 3a47c9eca3ec7b6f4e87609b3aca7f65\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_s390.deb\n Size/MD5 checksum: 124802 cdd46922b57a51fedb25ae401d8dc753\n http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_s390.deb\n Size/MD5 checksum: 121978 71edc1d101933b1a43a9c395427a4aed\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_s390.deb\n Size/MD5 checksum: 128570 f0f7d5dfecb61c6212e0803a325e8a01\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_s390.deb\n Size/MD5 checksum: 186320 cca313c55848e6161810ff16fb71390f\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_s390.deb\n Size/MD5 checksum: 349848 b9cbaa0a70b9bfa28d74ac4a6e107428\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_s390.deb\n Size/MD5 checksum: 76668 f6b5e093ae1c3c5d4442e223115052de\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_sparc.deb\n Size/MD5 checksum: 338056 ab06437e18c1cc36dab35779cc4102d8\n http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_sparc.deb\n Size/MD5 checksum: 103200 1c6f94d15f4e3052e9ed80fc232f96b5\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_sparc.deb\n Size/MD5 checksum: 117840 5f0671d301a9e2ea8020d0dcaa71a42b\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_sparc.deb\n Size/MD5 checksum: 66374 668815a44c99c366ae8e3f624613932e\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_sparc.deb\n Size/MD5 checksum: 167962 f338f71eeb38be58c67d1ac0fd92d1ff\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_sparc.deb\n Size/MD5 checksum: 117510 63dd9c471f24472eb46a5fd9dcb92077\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/a/apr/apr_1.2.12.orig.tar.gz\n Size/MD5 checksum: 1127522 020ea947446dca2d1210c099c7a4c837\n http://security.debian.org/pool/updates/main/a/apr/apr_1.2.12-5+lenny1.diff.gz\n Size/MD5 checksum: 12398 b407ff7dac7363278f4f060e121aa611\n http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg.orig.tar.gz\n Size/MD5 checksum: 658687 4ef3e41037fe0cdd3a0d107335a008eb\n http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg-8+lenny4.dsc\n Size/MD5 checksum: 1530 dccceaa89d58074be3b7b7738a99756b\n http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg-8+lenny4.diff.gz\n Size/MD5 checksum: 23138 a2222477de9ad92015416542a2c250ed\n http://security.debian.org/pool/updates/main/a/apr/apr_1.2.12-5+lenny1.dsc\n Size/MD5 checksum: 1284 4330306f892fd7c0950b1ccf2537b38d\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_alpha.deb\n Size/MD5 checksum: 806236 3689d5ee779d3846fe67c9dad2f213dc\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_alpha.deb\n Size/MD5 checksum: 53204 92bb2e8a7c48e6f8437680e08607a3f7\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_alpha.deb\n Size/MD5 checksum: 147658 edba141e93c382fbf0ab2bbec1dba899\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_alpha.deb\n Size/MD5 checksum: 158060 b80ad32790c6c8d89f0007a69d9ce0b8\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_alpha.deb\n Size/MD5 checksum: 90740 c715b55d060a2d4e8d7684477d0b9014\n http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_alpha.deb\n Size/MD5 checksum: 121774 565a4fdd123d04698907456e40d4df0b\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_amd64.deb\n Size/MD5 checksum: 54232 3f23cc38f68bbf926b801b82b3fea917\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_amd64.deb\n Size/MD5 checksum: 80046 f6158018f26ddd6369687b8f9f64aa75\n http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_amd64.deb\n Size/MD5 checksum: 114326 851cc08504589c09f08ec9e6efa52ef1\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_amd64.deb\n Size/MD5 checksum: 147928 136a5a5c0d558d8f252d1ed44efed217\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_amd64.deb\n Size/MD5 checksum: 133850 6b71ac477650c688863ef33fc58216a0\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_amd64.deb\n Size/MD5 checksum: 825740 bf80dbc726c5b691b023e96e463ba88c\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_arm.deb\n Size/MD5 checksum: 818438 8e6c8a9964650a793e4a0e5ec51a8619\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_arm.deb\n Size/MD5 checksum: 54912 a853d8175d2bee56c6f37aada02fc2ca\n http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_arm.deb\n Size/MD5 checksum: 107790 85e0815ff8f340d99052a9c9f604cccd\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_arm.deb\n Size/MD5 checksum: 71112 20a4c9fd130c188166c0ebc6ceff5fcf\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_arm.deb\n Size/MD5 checksum: 138982 c84f95cff9713ed403fae7b712456ade\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_arm.deb\n Size/MD5 checksum: 124090 c4fc3663255a416725a69818e3523731\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_armel.deb\n Size/MD5 checksum: 109676 e26ebffcc101ffc87963c9a65b3543f6\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_armel.deb\n Size/MD5 checksum: 124626 4c34337eb3d1d55900a067f2c8412abc\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_armel.deb\n Size/MD5 checksum: 821990 19c68f5f904bb3bbdfd44349f8544e83\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_armel.deb\n Size/MD5 checksum: 55820 f39b0928bc4b91fb60bd6259c6ae6e02\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_armel.deb\n Size/MD5 checksum: 70086 1d3032e0879ed1ea6fa2f04c34af1782\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_armel.deb\n Size/MD5 checksum: 139434 e802e42577998c62fadfc335edb3b81a\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_hppa.deb\n Size/MD5 checksum: 83668 3c8893214d7375303eaf1eec6e27212b\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_hppa.deb\n Size/MD5 checksum: 827762 2fd0d8dd54c92c828e42100bb8816b00\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_hppa.deb\n Size/MD5 checksum: 142916 14e1e2f8fa50b0eb1772f1e4bbc26e50\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_hppa.deb\n Size/MD5 checksum: 140872 7fef63f2cd282e44c51b5e69d94d8706\n http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_hppa.deb\n Size/MD5 checksum: 113954 926b8c39fee1787a94b3d6cc1c6d420b\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_hppa.deb\n Size/MD5 checksum: 54332 18751dc2275828a126b2dbe568678f32\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_i386.deb\n Size/MD5 checksum: 73814 2ef03972ed5b2232fe5782c4960bc362\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_i386.deb\n Size/MD5 checksum: 54582 edc98ca59cebd14195602929def1da31\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_i386.deb\n Size/MD5 checksum: 141438 5a54e1cac30640ca5e9922586d9983a8\n http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_i386.deb\n Size/MD5 checksum: 108882 075f37cd43e483d27ff0b94ad01f2d08\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_i386.deb\n Size/MD5 checksum: 121138 fc2411e049936d12702713c82377c9e5\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_i386.deb\n Size/MD5 checksum: 809460 a5648e0404f1cb4244c156cf85bfe0f5\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_ia64.deb\n Size/MD5 checksum: 135404 8f7a4964b22e5e9e5297380c15d8818d\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_ia64.deb\n Size/MD5 checksum: 170110 412b51e1e3c1ed4e309459dd17844e68\n http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_ia64.deb\n Size/MD5 checksum: 154362 2fc1441f28ef4f90446464627c8ef36d\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_ia64.deb\n Size/MD5 checksum: 837496 6862607faf59e42525f5205d8a967818\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_ia64.deb\n Size/MD5 checksum: 111140 12f0bf9e6264cc9c170c2b8365428cc0\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_ia64.deb\n Size/MD5 checksum: 53428 a6a55d644fb58a0f7ea6a9b509cb71d0\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_mips.deb\n Size/MD5 checksum: 110932 feb666e4f402bcb1954bc194c37496d7\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_mips.deb\n Size/MD5 checksum: 147482 e2508cc75520518ccbe4c3a5cf0cc50c\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_mips.deb\n Size/MD5 checksum: 56582 5134a012017e629239cc543fedf4edf3\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_mips.deb\n Size/MD5 checksum: 74584 2fbb1b76079126fd701f32e45a9cf7f0\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_mips.deb\n Size/MD5 checksum: 792650 126585d9fe0def77f7632f9d098eb11d\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_mips.deb\n Size/MD5 checksum: 136438 ae62dc1d5a32fac11615f4b67cfa4a6b\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_mipsel.deb\n Size/MD5 checksum: 56414 ecca7e3643ccb91fc962b886bdddbc0e\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_mipsel.deb\n Size/MD5 checksum: 136390 d45f956c14ea9fe22b77bce3810c32b7\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_mipsel.deb\n Size/MD5 checksum: 144740 05411f88615592531468cdd89bb4b5d0\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_mipsel.deb\n Size/MD5 checksum: 74366 a15e15331a62f33d33481b7e53f07b48\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_mipsel.deb\n Size/MD5 checksum: 792762 dc1e4748e106c82e9f8bf6c3ecce4a38\n http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_mipsel.deb\n Size/MD5 checksum: 110974 a5dd28b5c9b3106da8e4c81abea6777d\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_powerpc.deb\n Size/MD5 checksum: 82512 f8a18fb94a4ef3cabec01c288a26eef5\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_powerpc.deb\n Size/MD5 checksum: 55708 555d64273f15c6ebd503b7cb84f0fb29\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_powerpc.deb\n Size/MD5 checksum: 132338 66e77820b5b9d2a05d6df5c4ec2c76b0\n http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_powerpc.deb\n Size/MD5 checksum: 116238 1a291989c32ea21ac8eef9ca51831fc5\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_powerpc.deb\n Size/MD5 checksum: 147180 cc9f274b349dbbb9ce9b69b0d0edf493\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_powerpc.deb\n Size/MD5 checksum: 821948 fc3acf3dec16223caf6f932e8b7c0c01\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_s390.deb\n Size/MD5 checksum: 126058 474bddd0f3c5a69cc21fc2d403fe90f6\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_s390.deb\n Size/MD5 checksum: 148614 89cc7bb2619f28e5e6e9d0042050a924\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_s390.deb\n Size/MD5 checksum: 133044 fb35625937e6fae551d97df283a32dd9\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_s390.deb\n Size/MD5 checksum: 787872 2dc32425bfbd17b841218064599d80ed\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_s390.deb\n Size/MD5 checksum: 85496 c41f2fdebd22ec066815211768dcdc3a\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_s390.deb\n Size/MD5 checksum: 54414 c36fa2538d8077a8ef09842e07bd989a\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_sparc.deb\n Size/MD5 checksum: 814624 613a70f3443404f5939e91e229d01d25\n http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_sparc.deb\n Size/MD5 checksum: 54370 4c12839718c73a2b96b607d77fcbc583\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_sparc.deb\n Size/MD5 checksum: 131706 5c2ad3da38aaaab8ac2c14656602c532\n http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_sparc.deb\n Size/MD5 checksum: 108712 c1f66be9c2daa447d5bfbd1f7639aada\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_sparc.deb\n Size/MD5 checksum: 72738 ec558ed4277ca676f07e3181ffad0335\n http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_sparc.deb\n Size/MD5 checksum: 124976 22385c13d934c3877ce2f9eeaa4584e3\n\n\n These files will probably be moved into the stable distribution on\n its next update. \n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show \u003cpkg\u003e\u0027 and http://packages.debian.org/\u003cpkg\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niQEcBAEBAgAGBQJKfcqtAAoJEL97/wQC1SS+6T4IAJxpIZ7AUOwmDtuOk/WQzlzv\nU1nz6YhC9nhf/QdjbmAe0+ClaGwP5FZOacfEK6t64DBJ/81qgLtHlh6hlbm2+9wD\nvIddGlXmdKjEcHXVbt5rwEoc9pk6ma954Fziu2yUVxhP40SBLWlfEQ5w1LxjNHAI\nUKokX2+4C3Lk+6hJd8AqnvyfqP8h990HzFqT11hh8OlKVrvHmAiZWbSMmLvkKsPf\nF5mNDGVKluNfpAhwo6eLN2ayRDEKAeuejF2jQtb/MXQN3kJpPri2JhalhMra371l\nRmpmVNUOtKKJz/3gHSLjQNh6D5G4kj/I9RcHFA68Pv14kXh0xgtQlKGGLaPo/3M=\n=704P\n-----END PGP SIGNATURE-----\n. Subversion clients and servers, versions 1.6.0 - 1.6.3 and all\nversions \u003c 1.5.7, are vulnerable to several heap overflow problems\nwhich may lead to remote code execution. The official advisory\n(mirrored at http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt)\nfollows:\n\n\n Subversion clients and servers up to 1.6.3 (inclusive) have heap\n overflow issues in the parsing of binary deltas. \n\nSummary:\n========\n\n Subversion clients and servers have multiple heap overflow issues in\n the parsing of binary deltas. This is related to an allocation\n vulnerability in the APR library used by Subversion. \n\n Clients with commit access to a vulnerable server can cause a remote\n heap overflow; servers can cause a heap overflow on vulnerable\n clients that try to do a checkout or update. \n\n This can lead to a DoS (an exploit has been tested) and to arbitrary\n code execution (no exploit tested, but the possibility is clear). \n\nKnown vulnerable:\n=================\n\n Subversion clients and servers \u003c= 1.5.6. \n Subversion clients and servers 1.6.0 through 1.6.3 (inclusive). \n\nKnown fixed:\n============\n\n Subversion 1.6.4\n Subversion 1.5.7\n\n (Search for \"Patch\" below to see the patches from 1.6.3 -\u003e 1.6.4 and\n 1.5.6 -\u003e 1.5.7. Search for \"Recommendations\" to get URLs for the\n 1.6.4 release and associated APR library patch.)\n\nDetails:\n========\n\n The libsvn_delta library does not contain sufficient input validation\n of svndiff streams. If a stream with large windows is processed,\n one of several integer overflows may lead to some boundary checks\n incorrectly passing, which in turn can lead to a heap overflow. \n\nSeverity:\n=========\n\n A remote attacker with commit access to repository may be able to\n execute code on a Subversion server. A malicious server may be able to\n execute code on a Subversion client. \n\nRecommendations:\n================\n\n We recommend all users to upgrade to Subversion 1.6.4. \n\n We recommend all users to upgrade to the latest versions of APR and\n APR-UTIL, or apply the CVE-2009-2412 patch appropriate to their APR\n installation from \u003chttp://www.apache.org/dist/apr/patches/\u003e. \n\n New Subversion packages can be found at:\n http://subversion.tigris.org/project_packages.html\n\nReferences:\n===========\n\n CVE-2009-2411 (Subversion)\n CVE-2009-2412 (APR)\n\nReported by:\n============\n\n Matt Lewis, Google. \n\nPatches:\n========\n\n This patch applies to Subversion 1.6.x (apply with patch -p0 \u003c patchfile):\n\n[[[\nIndex: subversion/libsvn_delta/svndiff.c\n===================================================================\n--- subversion/libsvn_delta/svndiff.c (revision 38519)\n+++ subversion/libsvn_delta/svndiff.c (working copy)\n@@ -60,10 +60,23 @@ struct encoder_baton {\n apr_pool_t *pool;\n };\n\n+/* This is at least as big as the largest size of an integer that\n+ encode_int can generate; it is sufficient for creating buffers for\n+ it to write into. This assumes that integers are at most 64 bits,\n+ and so 10 bytes (with 7 bits of information each) are sufficient to\n+ represent them. */\n+#define MAX_ENCODED_INT_LEN 10\n+/* This is at least as big as the largest size for a single instruction. */\n+#define MAX_INSTRUCTION_LEN (2*MAX_ENCODED_INT_LEN+1)\n+/* This is at least as big as the largest possible instructions\n+ section: in theory, the instructions could be SVN_DELTA_WINDOW_SIZE\n+ 1-byte copy-from-source instructions (though this is very unlikely). */\n+#define MAX_INSTRUCTION_SECTION_LEN (SVN_DELTA_WINDOW_SIZE*MAX_INSTRUCTION_LEN)\n\n /* Encode VAL into the buffer P using the variable-length svndiff\n integer format. Return the incremented value of P after the\n- encoded bytes have been written. \n+ encoded bytes have been written. P must point to a buffer of size\n+ at least MAX_ENCODED_INT_LEN. \n\n This encoding uses the high bit of each byte as a continuation bit\n and the other seven bits as data bits. High-order data bits are\n@@ -85,7 +98,7 @@ encode_int(char *p, svn_filesize_t val)\n svn_filesize_t v;\n unsigned char cont;\n\n- assert(val \u003e= 0);\n+ SVN_ERR_ASSERT_NO_RETURN(val \u003e= 0);\n\n /* Figure out how many bytes we\u0027ll need. */\n v = val \u003e\u003e 7;\n@@ -96,6 +109,8 @@ encode_int(char *p, svn_filesize_t val)\n n++;\n }\n\n+ SVN_ERR_ASSERT_NO_RETURN(n \u003c= MAX_ENCODED_INT_LEN);\n+\n /* Encode the remaining bytes; n is always the number of bytes\n coming after the one we\u0027re encoding. */\n while (--n \u003e= 0)\n@@ -112,7 +127,7 @@ encode_int(char *p, svn_filesize_t val)\n static void\n append_encoded_int(svn_stringbuf_t *header, svn_filesize_t val)\n {\n- char buf[128], *p;\n+ char buf[MAX_ENCODED_INT_LEN], *p;\n\n p = encode_int(buf, val);\n svn_stringbuf_appendbytes(header, buf, p - buf);\n@@ -168,7 +183,7 @@ window_handler(svn_txdelta_window_t *window, void\n svn_stringbuf_t *i1 = svn_stringbuf_create(\"\", pool);\n svn_stringbuf_t *header = svn_stringbuf_create(\"\", pool);\n const svn_string_t *newdata;\n- char ibuf[128], *ip;\n+ char ibuf[MAX_INSTRUCTION_LEN], *ip;\n const svn_txdelta_op_t *op;\n apr_size_t len;\n\n@@ -346,6 +361,8 @@ decode_file_offset(svn_filesize_t *val,\n const unsigned char *p,\n const unsigned char *end)\n {\n+ if (p + MAX_ENCODED_INT_LEN \u003c end)\n+ end = p + MAX_ENCODED_INT_LEN;\n /* Decode bytes until we\u0027re done. */\n *val = 0;\n while (p \u003c end)\n@@ -365,6 +382,8 @@ decode_size(apr_size_t *val,\n const unsigned char *p,\n const unsigned char *end)\n {\n+ if (p + MAX_ENCODED_INT_LEN \u003c end)\n+ end = p + MAX_ENCODED_INT_LEN;\n /* Decode bytes until we\u0027re done. */\n *val = 0;\n while (p \u003c end)\n@@ -382,7 +401,7 @@ decode_size(apr_size_t *val,\n data is not compressed. */\n\n static svn_error_t *\n-zlib_decode(svn_stringbuf_t *in, svn_stringbuf_t *out)\n+zlib_decode(svn_stringbuf_t *in, svn_stringbuf_t *out, apr_size_t limit)\n {\n apr_size_t len;\n char *oldplace = in-\u003edata;\n@@ -390,6 +409,13 @@ static svn_error_t *\n /* First thing in the string is the original length. */\n in-\u003edata = (char *)decode_size(\u0026len, (unsigned char *)in-\u003edata,\n (unsigned char *)in-\u003edata+in-\u003elen);\n+ if (in-\u003edata == NULL)\n+ return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL,\n+ _(\"Decompression of svndiff data failed:\nno size\"));\n+ if (len \u003e limit)\n+ return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL,\n+ _(\"Decompression of svndiff data failed: \"\n+ \"size too large\"));\n /* We need to subtract the size of the encoded original length off the\n * still remaining input length. */\n in-\u003elen -= (in-\u003edata - oldplace);\n@@ -487,10 +513,10 @@ count_and_verify_instructions(int *ninst,\n return svn_error_createf\n (SVN_ERR_SVNDIFF_INVALID_OPS, NULL,\n _(\"Invalid diff stream: insn %d cannot be decoded\"), n);\n- else if (op.length \u003c= 0)\n+ else if (op.length == 0)\n return svn_error_createf\n (SVN_ERR_SVNDIFF_INVALID_OPS, NULL,\n- _(\"Invalid diff stream: insn %d has non-positive length\"), n);\n+ _(\"Invalid diff stream: insn %d has length zero\"), n);\n else if (op.length \u003e tview_len - tpos)\n return svn_error_createf\n (SVN_ERR_SVNDIFF_INVALID_OPS, NULL,\n@@ -499,7 +525,8 @@ count_and_verify_instructions(int *ninst,\n switch (op.action_code)\n {\n case svn_txdelta_source:\n- if (op.length \u003e sview_len - op.offset)\n+ if (op.length \u003e sview_len - op.offset ||\n+ op.offset \u003e sview_len)\n return svn_error_createf\n (SVN_ERR_SVNDIFF_INVALID_OPS, NULL,\n _(\"Invalid diff stream: \"\n@@ -565,11 +592,11 @@ decode_window(svn_txdelta_window_t *window, svn_fi\n\n instin = svn_stringbuf_ncreate((const char *)data, insend - data, pool);\n instout = svn_stringbuf_create(\"\", pool);\n- SVN_ERR(zlib_decode(instin, instout));\n+ SVN_ERR(zlib_decode(instin, instout, MAX_INSTRUCTION_SECTION_LEN));\n\n ndin = svn_stringbuf_ncreate((const char *)insend, newlen, pool);\n ndout = svn_stringbuf_create(\"\", pool);\n- SVN_ERR(zlib_decode(ndin, ndout));\n+ SVN_ERR(zlib_decode(ndin, ndout, SVN_DELTA_WINDOW_SIZE));\n\n newlen = ndout-\u003elen;\n data = (unsigned char *)instout-\u003edata;\n@@ -685,6 +712,14 @@ write_handler(void *baton,\n if (p == NULL)\n return SVN_NO_ERROR;\n\n+ if (tview_len \u003e SVN_DELTA_WINDOW_SIZE ||\n+ sview_len \u003e SVN_DELTA_WINDOW_SIZE ||\n+ /* for svndiff1, newlen includes the original length */\n+ newlen \u003e SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN ||\n+ inslen \u003e MAX_INSTRUCTION_SECTION_LEN)\n+ return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL,\n+ _(\"Svndiff contains a too-large window\"));\n+\n /* Check for integer overflow. */\n if (sview_offset \u003c 0 || inslen + newlen \u003c inslen\n || sview_len + tview_len \u003c sview_len\n@@ -841,6 +876,14 @@ read_window_header(svn_stream_t *stream, svn_files\n SVN_ERR(read_one_size(inslen, stream));\n SVN_ERR(read_one_size(newlen, stream));\n\n+ if (*tview_len \u003e SVN_DELTA_WINDOW_SIZE ||\n+ *sview_len \u003e SVN_DELTA_WINDOW_SIZE ||\n+ /* for svndiff1, newlen includes the original length */\n+ *newlen \u003e SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN ||\n+ *inslen \u003e MAX_INSTRUCTION_SECTION_LEN)\n+ return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL,\n+ _(\"Svndiff contains a too-large window\"));\n+\n /* Check for integer overflow. */\n if (*sview_offset \u003c 0 || *inslen + *newlen \u003c *inslen\n || *sview_len + *tview_len \u003c *sview_len\nIndex: subversion/libsvn_delta/text_delta.c\n===================================================================\n--- subversion/libsvn_delta/text_delta.c (revision 38519)\n+++ subversion/libsvn_delta/text_delta.c (working copy)\n@@ -548,7 +548,7 @@ svn_txdelta_target_push(svn_txdelta_window_handler\n /* Functions for applying deltas. */\n\n /* Ensure that BUF has enough space for VIEW_LEN bytes. */\n-static APR_INLINE void\n+static APR_INLINE svn_error_t *\n size_buffer(char **buf, apr_size_t *buf_size,\n apr_size_t view_len, apr_pool_t *pool)\n {\n@@ -557,8 +557,11 @@ size_buffer(char **buf, apr_size_t *buf_size,\n *buf_size *= 2;\n if (*buf_size \u003c view_len)\n *buf_size = view_len;\n+ SVN_ERR_ASSERT(APR_ALIGN_DEFAULT(*buf_size) \u003e= *buf_size);\n *buf = apr_palloc(pool, *buf_size);\n }\n+\n+ return SVN_NO_ERROR;\n }\n\n\n@@ -659,7 +662,7 @@ apply_window(svn_txdelta_window_t *window, void *b\n \u003e= ab-\u003esbuf_offset + ab-\u003esbuf_len)));\n\n /* Make sure there\u0027s enough room in the target buffer. */\n- size_buffer(\u0026ab-\u003etbuf, \u0026ab-\u003etbuf_size, window-\u003etview_len, ab-\u003epool);\n+ SVN_ERR(size_buffer(\u0026ab-\u003etbuf, \u0026ab-\u003etbuf_size, window-\u003etview_len, ab-\u003epool));\n\n /* Prepare the source buffer for reading from the input stream. */\n if (window-\u003esview_offset != ab-\u003esbuf_offset\n@@ -668,7 +671,8 @@ apply_window(svn_txdelta_window_t *window, void *b\n char *old_sbuf = ab-\u003esbuf;\n\n /* Make sure there\u0027s enough room. */\n- size_buffer(\u0026ab-\u003esbuf, \u0026ab-\u003esbuf_size, window-\u003esview_len, ab-\u003epool);\n+ SVN_ERR(size_buffer(\u0026ab-\u003esbuf, \u0026ab-\u003esbuf_size, window-\u003esview_len,\n+ ab-\u003epool));\n\n /* If the existing view overlaps with the new view, copy the\n * overlap to the beginning of the new buffer. */\n]]]\n\n\n This patch applies to Subversion 1.5.x:\n\n[[[\nIndex: subversion/libsvn_delta/svndiff.c\n===================================================================\n--- subversion/libsvn_delta/svndiff.c (revision 38498)\n+++ subversion/libsvn_delta/svndiff.c (working copy)\n@@ -55,10 +55,23 @@ struct encoder_baton {\n apr_pool_t *pool;\n };\n\n+/* This is at least as big as the largest size of an integer that\n+ encode_int can generate; it is sufficient for creating buffers for\n+ it to write into. This assumes that integers are at most 64 bits,\n+ and so 10 bytes (with 7 bits of information each) are sufficient to\n+ represent them. */\n+#define MAX_ENCODED_INT_LEN 10\n+/* This is at least as big as the largest size for a single instruction. */\n+#define MAX_INSTRUCTION_LEN (2*MAX_ENCODED_INT_LEN+1)\n+/* This is at least as big as the largest possible instructions\n+ section: in theory, the instructions could be SVN_DELTA_WINDOW_SIZE\n+ 1-byte copy-from-source instructions (though this is very unlikely). */\n+#define MAX_INSTRUCTION_SECTION_LEN (SVN_DELTA_WINDOW_SIZE*MAX_INSTRUCTION_LEN)\n\n /* Encode VAL into the buffer P using the variable-length svndiff\n integer format. Return the incremented value of P after the\n- encoded bytes have been written. \n+ encoded bytes have been written. P must point to a buffer of size\n+ at least MAX_ENCODED_INT_LEN. \n\n This encoding uses the high bit of each byte as a continuation bit\n and the other seven bits as data bits. High-order data bits are\n@@ -91,6 +104,8 @@ encode_int(char *p, svn_filesize_t val)\n n++;\n }\n\n+ assert(n \u003c= MAX_ENCODED_INT_LEN);\n+\n /* Encode the remaining bytes; n is always the number of bytes\n coming after the one we\u0027re encoding. */\n while (--n \u003e= 0)\n@@ -107,7 +122,7 @@ encode_int(char *p, svn_filesize_t val)\n static void\n append_encoded_int(svn_stringbuf_t *header, svn_filesize_t val)\n {\n- char buf[128], *p;\n+ char buf[MAX_ENCODED_INT_LEN], *p;\n\n p = encode_int(buf, val);\n svn_stringbuf_appendbytes(header, buf, p - buf);\n@@ -163,7 +178,7 @@ window_handler(svn_txdelta_window_t *window, void\n svn_stringbuf_t *i1 = svn_stringbuf_create(\"\", pool);\n svn_stringbuf_t *header = svn_stringbuf_create(\"\", pool);\n const svn_string_t *newdata;\n- char ibuf[128], *ip;\n+ char ibuf[MAX_INSTRUCTION_LEN], *ip;\n const svn_txdelta_op_t *op;\n apr_size_t len;\n\n@@ -341,6 +356,8 @@ decode_file_offset(svn_filesize_t *val,\n const unsigned char *p,\n const unsigned char *end)\n {\n+ if (p + MAX_ENCODED_INT_LEN \u003c end)\n+ end = p + MAX_ENCODED_INT_LEN;\n /* Decode bytes until we\u0027re done. */\n *val = 0;\n while (p \u003c end)\n@@ -360,6 +377,8 @@ decode_size(apr_size_t *val,\n const unsigned char *p,\n const unsigned char *end)\n {\n+ if (p + MAX_ENCODED_INT_LEN \u003c end)\n+ end = p + MAX_ENCODED_INT_LEN;\n /* Decode bytes until we\u0027re done. */\n *val = 0;\n while (p \u003c end)\n@@ -377,7 +396,7 @@ decode_size(apr_size_t *val,\n data is not compressed. */\n\n static svn_error_t *\n-zlib_decode(svn_stringbuf_t *in, svn_stringbuf_t *out)\n+zlib_decode(svn_stringbuf_t *in, svn_stringbuf_t *out, apr_size_t limit)\n {\n apr_size_t len;\n char *oldplace = in-\u003edata;\n@@ -385,6 +404,13 @@ static svn_error_t *\n /* First thing in the string is the original length. */\n in-\u003edata = (char *)decode_size(\u0026len, (unsigned char *)in-\u003edata,\n (unsigned char *)in-\u003edata+in-\u003elen);\n+ if (in-\u003edata == NULL)\n+ return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL,\n+ _(\"Decompression of svndiff data failed:\nno size\"));\n+ if (len \u003e limit)\n+ return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL,\n+ _(\"Decompression of svndiff data failed: \"\n+ \"size too large\"));\n /* We need to subtract the size of the encoded original length off the\n * still remaining input length. */\n in-\u003elen -= (in-\u003edata - oldplace);\n@@ -482,10 +508,10 @@ count_and_verify_instructions(int *ninst,\n return svn_error_createf\n (SVN_ERR_SVNDIFF_INVALID_OPS, NULL,\n _(\"Invalid diff stream: insn %d cannot be decoded\"), n);\n- else if (op.length \u003c= 0)\n+ else if (op.length == 0)\n return svn_error_createf\n (SVN_ERR_SVNDIFF_INVALID_OPS, NULL,\n- _(\"Invalid diff stream: insn %d has non-positive length\"), n);\n+ _(\"Invalid diff stream: insn %d has length zero\"), n);\n else if (op.length \u003e tview_len - tpos)\n return svn_error_createf\n (SVN_ERR_SVNDIFF_INVALID_OPS, NULL,\n@@ -494,7 +520,8 @@ count_and_verify_instructions(int *ninst,\n switch (op.action_code)\n {\n case svn_txdelta_source:\n- if (op.length \u003e sview_len - op.offset)\n+ if (op.length \u003e sview_len - op.offset ||\n+ op.offset \u003e sview_len)\n return svn_error_createf\n (SVN_ERR_SVNDIFF_INVALID_OPS, NULL,\n _(\"Invalid diff stream: \"\n@@ -560,11 +587,11 @@ decode_window(svn_txdelta_window_t *window, svn_fi\n\n instin = svn_stringbuf_ncreate((const char *)data, insend - data, pool);\n instout = svn_stringbuf_create(\"\", pool);\n- SVN_ERR(zlib_decode(instin, instout));\n+ SVN_ERR(zlib_decode(instin, instout, MAX_INSTRUCTION_SECTION_LEN));\n\n ndin = svn_stringbuf_ncreate((const char *)insend, newlen, pool);\n ndout = svn_stringbuf_create(\"\", pool);\n- SVN_ERR(zlib_decode(ndin, ndout));\n+ SVN_ERR(zlib_decode(ndin, ndout, SVN_DELTA_WINDOW_SIZE));\n\n newlen = ndout-\u003elen;\n data = (unsigned char *)instout-\u003edata;\n@@ -680,6 +707,14 @@ write_handler(void *baton,\n if (p == NULL)\n return SVN_NO_ERROR;\n\n+ if (tview_len \u003e SVN_DELTA_WINDOW_SIZE ||\n+ sview_len \u003e SVN_DELTA_WINDOW_SIZE ||\n+ /* for svndiff1, newlen includes the original length */\n+ newlen \u003e SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN ||\n+ inslen \u003e MAX_INSTRUCTION_SECTION_LEN)\n+ return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL,\n+ _(\"Svndiff contains a too-large window\"));\n+\n /* Check for integer overflow. */\n if (sview_offset \u003c 0 || inslen + newlen \u003c inslen\n || sview_len + tview_len \u003c sview_len\n@@ -836,6 +871,14 @@ read_window_header(svn_stream_t *stream, svn_files\n SVN_ERR(read_one_size(inslen, stream));\n SVN_ERR(read_one_size(newlen, stream));\n\n+ if (*tview_len \u003e SVN_DELTA_WINDOW_SIZE ||\n+ *sview_len \u003e SVN_DELTA_WINDOW_SIZE ||\n+ /* for svndiff1, newlen includes the original length */\n+ *newlen \u003e SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN ||\n+ *inslen \u003e MAX_INSTRUCTION_SECTION_LEN)\n+ return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL,\n+ _(\"Svndiff contains a too-large window\"));\n+\n /* Check for integer overflow. */\n if (*sview_offset \u003c 0 || *inslen + *newlen \u003c *inslen\n || *sview_len + *tview_len \u003c *sview_len\nIndex: subversion/libsvn_delta/text_delta.c\n===================================================================\n--- subversion/libsvn_delta/text_delta.c (revision 38498)\n+++ subversion/libsvn_delta/text_delta.c (working copy)\n@@ -498,7 +498,7 @@ svn_txdelta_target_push(svn_txdelta_window_handler\n /* Functions for applying deltas. */\n\n /* Ensure that BUF has enough space for VIEW_LEN bytes. */\n-static APR_INLINE void\n+static APR_INLINE svn_error_t *\n size_buffer(char **buf, apr_size_t *buf_size,\n apr_size_t view_len, apr_pool_t *pool)\n {\n@@ -507,8 +507,13 @@ size_buffer(char **buf, apr_size_t *buf_size,\n *buf_size *= 2;\n if (*buf_size \u003c view_len)\n *buf_size = view_len;\n+ if (APR_ALIGN_DEFAULT(*buf_size) \u003c *buf_size)\n+ return svn_error_create(SVN_ERR_SVNDIFF_INVALID_OPS, NULL,\n+ \"Diff stream resulted in invalid\nbuffer size.\");\n *buf = apr_palloc(pool, *buf_size);\n }\n+\n+ return SVN_NO_ERROR;\n }\n\n\n@@ -609,7 +614,7 @@ apply_window(svn_txdelta_window_t *window, void *b\n \u003e= ab-\u003esbuf_offset + ab-\u003esbuf_len)));\n\n /* Make sure there\u0027s enough room in the target buffer. */\n- size_buffer(\u0026ab-\u003etbuf, \u0026ab-\u003etbuf_size, window-\u003etview_len, ab-\u003epool);\n+ SVN_ERR(size_buffer(\u0026ab-\u003etbuf, \u0026ab-\u003etbuf_size, window-\u003etview_len, ab-\u003epool));\n\n /* Prepare the source buffer for reading from the input stream. */\n if (window-\u003esview_offset != ab-\u003esbuf_offset\n@@ -618,7 +623,8 @@ apply_window(svn_txdelta_window_t *window, void *b\n char *old_sbuf = ab-\u003esbuf;\n\n /* Make sure there\u0027s enough room. */\n- size_buffer(\u0026ab-\u003esbuf, \u0026ab-\u003esbuf_size, window-\u003esview_len, ab-\u003epool);\n+ SVN_ERR(size_buffer(\u0026ab-\u003esbuf, \u0026ab-\u003esbuf_size, window-\u003esview_len,\n+ ab-\u003epool));\n\n /* If the existing view overlaps with the new view, copy the\n * overlap to the beginning of the new buffer. */\n]]]\n. The Apache Portable Runtime\nUtility Library (aka APR-Util) provides an interface to functionality\nsuch as XML parsing, string matching and databases connections. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/apr \u003c 1.3.8 \u003e= 1.3.8\n 2 dev-libs/apr-util \u003c 1.3.9 \u003e= 1.3.9\n -------------------------------------------------------------------\n 2 affected packages on all of their supported architectures. \n -------------------------------------------------------------------\n\nDescription\n===========\n\nMatt Lewis reported multiple Integer overflows in the apr_rmm_malloc(),\napr_rmm_calloc(), and apr_rmm_realloc() functions in misc/apr_rmm.c of\nAPR-Util and in memory/unix/apr_pools.c of APR, both occurring when\naligning memory blocks. \n\nImpact\n======\n\nA remote attacker could entice a user to connect to a malicious server\nwith software that uses the APR or act as a malicious client to a\nserver that uses the APR (such as Subversion or Apache servers),\npossibly resulting in the execution of arbitrary code with the\nprivileges of the user running the application. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache Portable Runtime users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose =dev-libs/apr-1.3.8\n\nAll APR Utility Library users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose =dev-libs/apr-util-1.3.9\n\nReferences\n==========\n\n [ 1 ] CVE-2009-2412\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200909-03.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2009 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ===========================================================\nUbuntu Security Notice USN-813-2 August 08, 2009\napache2 vulnerability\nCVE-2009-2412\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n libapr0 2.0.55-4ubuntu2.7\n\nAfter a standard system upgrade you need to restart any applications using\napr, such as Subversion and Apache, to effect the necessary changes. \n\nDetails follow:\n\nUSN-813-1 fixed vulnerabilities in apr. This update provides the\ncorresponding updates for apr as provided by Apache on Ubuntu 6.06 LTS. \n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7.diff.gz\n Size/MD5: 126010 68da83341313e1b166fe345138d1eaa5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7.dsc\n Size/MD5: 1156 0b17c48d0880ab82c769c41d1aff7002\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.7_all.deb\n Size/MD5: 2125530 9356b79c2b1591ffec1a6cd1974f82fd\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_amd64.deb\n Size/MD5: 833902 08b8aaf66aa52e6fd9dbed1647bb5dd2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_amd64.deb\n Size/MD5: 229124 400d32297652e4976456cb7b367cc435\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_amd64.deb\n Size/MD5: 224122 07be7749fd618703c9f093efeb5e6fad\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_amd64.deb\n Size/MD5: 228700 9c79315063121eb7017cd99c6bb4667c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_amd64.deb\n Size/MD5: 172244 e15a994901f09e6e8294d656b8a8254c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_amd64.deb\n Size/MD5: 173028 985f0a987b0e5e17b24fdd6f8475781a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_amd64.deb\n Size/MD5: 95066 2b836251f30a5c3d0cb24c2775a9b997\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_amd64.deb\n Size/MD5: 37096 2756f162320b3b183c7447dad130cff9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_amd64.deb\n Size/MD5: 286664 f46d70c05cba04ceaba7d62afe5ac5be\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_amd64.deb\n Size/MD5: 145234 e1c285b96d1ee5e8a66d01eadcc289c6\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_i386.deb\n Size/MD5: 787150 ab3e75481087dc0148ca3ccc450a1ab1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_i386.deb\n Size/MD5: 203722 e10938af36f0e1802fbd3b0946ae6e3c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_i386.deb\n Size/MD5: 199634 7ee8d5ba9679c8c7dd78c95b5fb74046\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_i386.deb\n Size/MD5: 203146 5456087e20afd24d2a27d648fafeb135\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_i386.deb\n Size/MD5: 172228 98a58d9526a667a05573e9b26fcfd45b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_i386.deb\n Size/MD5: 173020 1db636c0e79b0ea3c405da958c35c932\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_i386.deb\n Size/MD5: 92998 737aee7a7026d4d9b33a0f71b44e0b19\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_i386.deb\n Size/MD5: 37098 15db8827569af434025942a84e77b381\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_i386.deb\n Size/MD5: 262652 93f2171d69072153264cab51860f781c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_i386.deb\n Size/MD5: 133118 cac6f1c804a1e34bf4250be4d8670862\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_powerpc.deb\n Size/MD5: 859954 558399d0c5fb22cee0cdc1b20d4d7586\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_powerpc.deb\n Size/MD5: 221090 94c5789d3d06b3553d883eca45ab06b7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_powerpc.deb\n Size/MD5: 216702 68edfa60eb9de377b20be68e10bd879a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_powerpc.deb\n Size/MD5: 220634 8f103f83772eb2e52cd38bb0fb1efbec\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_powerpc.deb\n Size/MD5: 172234 559b5683e44f424324d43b09f42c63f6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_powerpc.deb\n Size/MD5: 173014 7c05a2f5fe626036ebaa271cece0cd09\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_powerpc.deb\n Size/MD5: 104772 63a31e0f30472ebc19a79744b1b1fe03\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_powerpc.deb\n Size/MD5: 37098 c00f5d32432f97ac992652ac1bbb7259\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_powerpc.deb\n Size/MD5: 282244 1a2c7d7038b335ae2ab6ff68d06a380f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_powerpc.deb\n Size/MD5: 142328 169a4ce5fc42eb789c76f46acb07aa00\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_sparc.deb\n Size/MD5: 804250 3a780a65322c539717e93a64792acc16\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_sparc.deb\n Size/MD5: 211276 e1f45226511664f1759a6ad75aff6155\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_sparc.deb\n Size/MD5: 206948 19e2792273d8a4935ef6fcc6ee369326\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_sparc.deb\n Size/MD5: 210556 e62136b10dca8c665defa2cc54640e64\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_sparc.deb\n Size/MD5: 172232 6e2213cb4b6a5dec1506fe01ce5cc028\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_sparc.deb\n Size/MD5: 173010 9603ee752f034d04fd349db168fbe2f2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_sparc.deb\n Size/MD5: 94084 c6f6315ff2e1865f409ae49d54e3a233\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_sparc.deb\n Size/MD5: 37102 fdb3a44756f9d6e8d36c1b2558420d57\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_sparc.deb\n Size/MD5: 268648 03fbe81b3cc1f0ac17961fc5c58a3f5f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_sparc.deb\n Size/MD5: 131056 8707670bfb577280d9b5d0689c51608c\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-2412"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002016"
},
{
"db": "BID",
"id": "35949"
},
{
"db": "PACKETSTORM",
"id": "80092"
},
{
"db": "PACKETSTORM",
"id": "80246"
},
{
"db": "PACKETSTORM",
"id": "80232"
},
{
"db": "PACKETSTORM",
"id": "81085"
},
{
"db": "PACKETSTORM",
"id": "80227"
},
{
"db": "PACKETSTORM",
"id": "80226"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-2412",
"trust": 3.3
},
{
"db": "BID",
"id": "35949",
"trust": 2.7
},
{
"db": "OSVDB",
"id": "56765",
"trust": 2.4
},
{
"db": "OSVDB",
"id": "56766",
"trust": 2.4
},
{
"db": "SECUNIA",
"id": "36138",
"trust": 2.4
},
{
"db": "SECUNIA",
"id": "36140",
"trust": 2.4
},
{
"db": "SECUNIA",
"id": "37152",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "37221",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "36233",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "36166",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2009-3184",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2010-1107",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002016",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200908-530",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "80092",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "80246",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "80232",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "81085",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "80227",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "80226",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "35949"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002016"
},
{
"db": "PACKETSTORM",
"id": "80092"
},
{
"db": "PACKETSTORM",
"id": "80246"
},
{
"db": "PACKETSTORM",
"id": "80232"
},
{
"db": "PACKETSTORM",
"id": "81085"
},
{
"db": "PACKETSTORM",
"id": "80227"
},
{
"db": "PACKETSTORM",
"id": "80226"
},
{
"db": "CNNVD",
"id": "CNNVD-200908-530"
},
{
"db": "NVD",
"id": "CVE-2009-2412"
}
]
},
"id": "VAR-200908-0708",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.16451614
},
"last_update_date": "2024-07-23T20:50:52.900000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fixed in Apache httpd 2.0.64",
"trust": 0.8,
"url": "http://httpd.apache.org/security/vulnerabilities_20.html#2.0.64"
},
{
"title": "Apache 2.2.13 Released",
"trust": 0.8,
"url": "http://httpd.apache.org/#2.2.13"
},
{
"title": "1.3.x/CHANGES",
"trust": 0.8,
"url": "http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/changes?revision=800735\u0026view=markup"
},
{
"title": "0.9.x/CHANGES",
"trust": 0.8,
"url": "http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/changes?revision=800736\u0026view=markup"
},
{
"title": "HT3937",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht3937"
},
{
"title": "HT3937",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht3937?viewlocale=ja_jp"
},
{
"title": "apr-1.2.7-11AXS3.1",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=730"
},
{
"title": "apr-util-1.2.7-7AXS3.2",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=731"
},
{
"title": "7008517",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?rs=177\u0026uid=swg27008517#61029"
},
{
"title": "7014506",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014506#7007"
},
{
"title": "7014463",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463#7007"
},
{
"title": "7007033",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27007033#60239"
},
{
"title": "7006876",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27006876##60239"
},
{
"title": "PM10658",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm10658"
},
{
"title": "7007951",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?rs=180\u0026uid=swg27007951#61029"
},
{
"title": "PK93225",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pk93225\u0026loc=en_us"
},
{
"title": "1761",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1761"
},
{
"title": "1768",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1768"
},
{
"title": "1769",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1769"
},
{
"title": "RHSA-2009:1204",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2009-1204.html"
},
{
"title": "RHSA-2009:1205",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2009-1205.html"
},
{
"title": "cve_2010_0740_record_of",
"trust": 0.8,
"url": "http://blogs.oracle.com/sunsecurity/entry/cve_2010_0740_record_of"
},
{
"title": "readme_imss71_lin_criticalpatch_b12531",
"trust": 0.8,
"url": "http://www.trendmicro.com/ftp/jp/ucmodule/imss/lin/71/readme_imss71_lin_criticalpatch_b12531.txt"
},
{
"title": "readme_imss70_lin_criticalpatch_b33791",
"trust": 0.8,
"url": "http://www.trendmicro.com/ftp/jp/ucmodule/imss/lin/70/readme_imss70_lin_criticalpatch_b33791.txt"
},
{
"title": "readme_imss70_sol_criticalpatch_b81651",
"trust": 0.8,
"url": "http://www.trendmicro.com/ftp/jp/ucmodule/imss/sol/70/readme_imss70_sol_criticalpatch_b81651.txt"
},
{
"title": "readme_imss70_win_criticalpatch_b63681",
"trust": 0.8,
"url": "http://www.trendmicro.com/ftp/jp/ucmodule/imss/win/70/readme_imss70_win_criticalpatch_b63681.txt"
},
{
"title": "TLSA-2010-30",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2010/tlsa-2010-30j.txt"
},
{
"title": "JP-2076110",
"trust": 0.8,
"url": "http://esupport.trendmicro.co.jp/pages/jp-2076110.aspx"
},
{
"title": "RHSA-2009:1205",
"trust": 0.8,
"url": "https://www.jp.redhat.com/support/errata/rhsa/rhsa-2009-1205j.html"
},
{
"title": "RHSA-2009:1204",
"trust": 0.8,
"url": "https://www.jp.redhat.com/support/errata/rhsa/rhsa-2009-1204j.html"
},
{
"title": "interstage_as_201103",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201103.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002016"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-189",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002016"
},
{
"db": "NVD",
"id": "CVE-2009-2412"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://osvdb.org/56766"
},
{
"trust": 2.4,
"url": "http://osvdb.org/56765"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/36140"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/36138"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/35949"
},
{
"trust": 1.9,
"url": "http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/changes?revision=800736\u0026view=markup"
},
{
"trust": 1.9,
"url": "http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/changes?revision=800735\u0026view=markup"
},
{
"trust": 1.9,
"url": "http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/changes?revision=800733\u0026view=markup"
},
{
"trust": 1.9,
"url": "http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/changes?revision=800732\u0026view=markup"
},
{
"trust": 1.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pk93225"
},
{
"trust": 1.6,
"url": "http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/misc/apr_rmm.c?r1=230441\u0026r2=800736"
},
{
"trust": 1.6,
"url": "http://support.apple.com/kb/ht3937"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pk99482"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/37152"
},
{
"trust": 1.6,
"url": "http://www.ubuntu.com/usn/usn-813-2"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/37221"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"trust": 1.6,
"url": "http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/memory/unix/apr_pools.c?r1=585356\u0026r2=800733"
},
{
"trust": 1.6,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9958"
},
{
"trust": 1.6,
"url": "http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/misc/apr_rmm.c?r1=647687\u0026r2=800735"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/36166"
},
{
"trust": 1.6,
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"trust": 1.6,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-august/msg00353.html"
},
{
"trust": 1.6,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8394"
},
{
"trust": 1.6,
"url": "http://www.vupen.com/english/advisories/2010/1107"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/36233"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2009:195"
},
{
"trust": 1.6,
"url": "http://lists.apple.com/archives/security-announce/2009/nov/msg00000.html"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html"
},
{
"trust": 1.6,
"url": "http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/memory/unix/apr_pools.c?r1=678140\u0026r2=800732"
},
{
"trust": 1.6,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-august/msg00320.html"
},
{
"trust": 1.0,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2412"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2412"
},
{
"trust": 0.6,
"url": "http://blogs.sun.com/security/entry/cve_2010_0740_record_of"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2412"
},
{
"trust": 0.6,
"url": "httpd.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs."
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2009:1204"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3ccvs."
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2009:1205"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2009-2412"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs."
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2009:1462"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7@%3ccvs."
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0602"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs."
},
{
"trust": 0.3,
"url": "http://www.mail-archive.com/dev@httpd.apache.org/msg44737.html"
},
{
"trust": 0.3,
"url": "http://apr.apache.org/"
},
{
"trust": 0.3,
"url": "http://www.apache.org/dist/httpd/changes_2.2.13"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pk96157"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm10658"
},
{
"trust": 0.3,
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201103e.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2009-1204.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2009-1462.html"
},
{
"trust": 0.3,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=sa61\u0026actp=list"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/apr_1.2.12-5+lenny1.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/apr_1.2.12.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg-8+lenny4.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/apr_1.2.7-9.dsc"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/apr_1.2.7-9.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.7+dfsg.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/apr_1.2.12-5+lenny1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/apr_1.2.7.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg-8+lenny4.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.7+dfsg-2+etch3.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_s390.deb"
},
{
"trust": 0.1,
"url": "http://packages.debian.org/\u003cpkg\u003e"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.7+dfsg-2+etch3.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_armel.deb"
},
{
"trust": 0.1,
"url": "http://www.apache.org/dist/apr/patches/\u003e."
},
{
"trust": 0.1,
"url": "http://subversion.tigris.org/project_packages.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2411"
},
{
"trust": 0.1,
"url": "http://subversion.tigris.org/security/cve-2009-2411-advisory.txt)"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-200909-03.xml"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.7_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1_1.2.12-5ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.12-4ubuntu0.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.12-5ubuntu0.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.12-5ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1_1.2.12-4ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.12-5ubuntu0.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.11-1ubuntu0.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1_1.2.12-4ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.12-5ubuntu0.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.12-4ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dbg_1.2.12-4ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.11-1ubuntu0.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.11-1ubuntu0.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1_1.2.11-1ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.11-1ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.11-1ubuntu0.1.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dbg_1.2.12-4ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.12-5ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.12-5ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.12-5ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dbg_1.2.12-5ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.11-1ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.11.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.12-4ubuntu0.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dev_1.2.11-1ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.12-4ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.12-4ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dev_1.2.12-4ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.12-4ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.11-1ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dev_1.2.12-4ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1_1.2.11-1ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.11-1ubuntu0.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.12-5ubuntu0.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.11-1ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1_1.2.12-5ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.12-4ubuntu0.1.dsc"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.12-4ubuntu0.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.12.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.12-5ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.11-1ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.11-1ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.12-4ubuntu0.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.12-4ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dbg_1.2.11-1ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dev_1.2.11-1ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.12-4ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dbg_1.2.12-5ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.12-5ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dev_1.2.12-5ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dbg_1.2.11-1ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dev_1.2.12-5ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.12-5ubuntu0.1.dsc"
}
],
"sources": [
{
"db": "BID",
"id": "35949"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002016"
},
{
"db": "PACKETSTORM",
"id": "80092"
},
{
"db": "PACKETSTORM",
"id": "80246"
},
{
"db": "PACKETSTORM",
"id": "80232"
},
{
"db": "PACKETSTORM",
"id": "81085"
},
{
"db": "PACKETSTORM",
"id": "80227"
},
{
"db": "PACKETSTORM",
"id": "80226"
},
{
"db": "CNNVD",
"id": "CNNVD-200908-530"
},
{
"db": "NVD",
"id": "CVE-2009-2412"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "35949"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002016"
},
{
"db": "PACKETSTORM",
"id": "80092"
},
{
"db": "PACKETSTORM",
"id": "80246"
},
{
"db": "PACKETSTORM",
"id": "80232"
},
{
"db": "PACKETSTORM",
"id": "81085"
},
{
"db": "PACKETSTORM",
"id": "80227"
},
{
"db": "PACKETSTORM",
"id": "80226"
},
{
"db": "CNNVD",
"id": "CNNVD-200908-530"
},
{
"db": "NVD",
"id": "CVE-2009-2412"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-08-05T00:00:00",
"db": "BID",
"id": "35949"
},
{
"date": "2009-09-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002016"
},
{
"date": "2009-08-06T17:50:34",
"db": "PACKETSTORM",
"id": "80092"
},
{
"date": "2009-08-11T01:57:48",
"db": "PACKETSTORM",
"id": "80246"
},
{
"date": "2009-08-11T01:34:56",
"db": "PACKETSTORM",
"id": "80232"
},
{
"date": "2009-09-10T00:41:18",
"db": "PACKETSTORM",
"id": "81085"
},
{
"date": "2009-08-11T01:24:32",
"db": "PACKETSTORM",
"id": "80227"
},
{
"date": "2009-08-11T01:05:43",
"db": "PACKETSTORM",
"id": "80226"
},
{
"date": "2009-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200908-530"
},
{
"date": "2009-08-06T15:30:00.280000",
"db": "NVD",
"id": "CVE-2009-2412"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-13T21:40:00",
"db": "BID",
"id": "35949"
},
{
"date": "2011-11-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002016"
},
{
"date": "2023-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200908-530"
},
{
"date": "2023-11-07T02:04:07.420000",
"db": "NVD",
"id": "CVE-2009-2412"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "81085"
},
{
"db": "PACKETSTORM",
"id": "80227"
},
{
"db": "PACKETSTORM",
"id": "80226"
},
{
"db": "CNNVD",
"id": "CNNVD-200908-530"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "APR Library and APR-util Integer overflow vulnerability in the library",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002016"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "digital error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200908-530"
}
],
"trust": 0.6
}
}
gsd-2009-2412
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2009-2412",
"description": "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.",
"id": "GSD-2009-2412",
"references": [
"https://www.suse.com/security/cve/CVE-2009-2412.html",
"https://www.debian.org/security/2009/dsa-1854",
"https://access.redhat.com/errata/RHSA-2010:0602",
"https://access.redhat.com/errata/RHSA-2009:1462",
"https://access.redhat.com/errata/RHSA-2009:1205",
"https://access.redhat.com/errata/RHSA-2009:1204",
"https://linux.oracle.com/cve/CVE-2009-2412.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2009-2412"
],
"details": "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.",
"id": "GSD-2009-2412",
"modified": "2023-12-13T01:19:46.188852Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-2412",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"name": "http://www.vupen.com/english/advisories/2010/1107",
"refsource": "MISC",
"url": "http://www.vupen.com/english/advisories/2010/1107"
},
{
"name": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html",
"refsource": "MISC",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html"
},
{
"name": "http://osvdb.org/56765",
"refsource": "MISC",
"url": "http://osvdb.org/56765"
},
{
"name": "http://osvdb.org/56766",
"refsource": "MISC",
"url": "http://osvdb.org/56766"
},
{
"name": "http://secunia.com/advisories/36138",
"refsource": "MISC",
"url": "http://secunia.com/advisories/36138"
},
{
"name": "http://secunia.com/advisories/36140",
"refsource": "MISC",
"url": "http://secunia.com/advisories/36140"
},
{
"name": "http://secunia.com/advisories/36166",
"refsource": "MISC",
"url": "http://secunia.com/advisories/36166"
},
{
"name": "http://secunia.com/advisories/36233",
"refsource": "MISC",
"url": "http://secunia.com/advisories/36233"
},
{
"name": "http://secunia.com/advisories/37152",
"refsource": "MISC",
"url": "http://secunia.com/advisories/37152"
},
{
"name": "http://secunia.com/advisories/37221",
"refsource": "MISC",
"url": "http://secunia.com/advisories/37221"
},
{
"name": "http://support.apple.com/kb/HT3937",
"refsource": "MISC",
"url": "http://support.apple.com/kb/HT3937"
},
{
"name": "http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/CHANGES?revision=800736\u0026view=markup",
"refsource": "MISC",
"url": "http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/CHANGES?revision=800736\u0026view=markup"
},
{
"name": "http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/misc/apr_rmm.c?r1=230441\u0026r2=800736",
"refsource": "MISC",
"url": "http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/misc/apr_rmm.c?r1=230441\u0026r2=800736"
},
{
"name": "http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/CHANGES?revision=800735\u0026view=markup",
"refsource": "MISC",
"url": "http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/CHANGES?revision=800735\u0026view=markup"
},
{
"name": "http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/misc/apr_rmm.c?r1=647687\u0026r2=800735",
"refsource": "MISC",
"url": "http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/misc/apr_rmm.c?r1=647687\u0026r2=800735"
},
{
"name": "http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/CHANGES?revision=800733\u0026view=markup",
"refsource": "MISC",
"url": "http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/CHANGES?revision=800733\u0026view=markup"
},
{
"name": "http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/memory/unix/apr_pools.c?r1=585356\u0026r2=800733",
"refsource": "MISC",
"url": "http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/memory/unix/apr_pools.c?r1=585356\u0026r2=800733"
},
{
"name": "http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/CHANGES?revision=800732\u0026view=markup",
"refsource": "MISC",
"url": "http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/CHANGES?revision=800732\u0026view=markup"
},
{
"name": "http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/memory/unix/apr_pools.c?r1=678140\u0026r2=800732",
"refsource": "MISC",
"url": "http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/memory/unix/apr_pools.c?r1=678140\u0026r2=800732"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK93225",
"refsource": "MISC",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK93225"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99482",
"refsource": "MISC",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99482"
},
{
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:195",
"refsource": "MISC",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:195"
},
{
"name": "http://www.securityfocus.com/bid/35949",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/35949"
},
{
"name": "http://www.ubuntu.com/usn/usn-813-2",
"refsource": "MISC",
"url": "http://www.ubuntu.com/usn/usn-813-2"
},
{
"name": "http://www.vupen.com/english/advisories/2009/3184",
"refsource": "MISC",
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8394",
"refsource": "MISC",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8394"
},
{
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9958",
"refsource": "MISC",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9958"
},
{
"name": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00320.html",
"refsource": "MISC",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00320.html"
},
{
"name": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00353.html",
"refsource": "MISC",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00353.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:1.3.6-dev:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.3.6-dev:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:1.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.2-dev:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:1.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.7-dev:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.16-dev:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:1.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.7-dev:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.3-dev:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.3.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:1.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:1.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:1.3.4-dev:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.2-dev:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:1.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.3-dev:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.3.4-dev:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:1.3.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-2412"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/misc/apr_rmm.c?r1=230441\u0026r2=800736",
"refsource": "CONFIRM",
"tags": [],
"url": "http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/misc/apr_rmm.c?r1=230441\u0026r2=800736"
},
{
"name": "http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/CHANGES?revision=800733\u0026view=markup",
"refsource": "CONFIRM",
"tags": [],
"url": "http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/CHANGES?revision=800733\u0026view=markup"
},
{
"name": "36138",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36138"
},
{
"name": "http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/CHANGES?revision=800736\u0026view=markup",
"refsource": "CONFIRM",
"tags": [
"Exploit"
],
"url": "http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/CHANGES?revision=800736\u0026view=markup"
},
{
"name": "http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/memory/unix/apr_pools.c?r1=585356\u0026r2=800733",
"refsource": "CONFIRM",
"tags": [
"Exploit"
],
"url": "http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/memory/unix/apr_pools.c?r1=585356\u0026r2=800733"
},
{
"name": "http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/CHANGES?revision=800735\u0026view=markup",
"refsource": "CONFIRM",
"tags": [
"Exploit"
],
"url": "http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/CHANGES?revision=800735\u0026view=markup"
},
{
"name": "http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/misc/apr_rmm.c?r1=647687\u0026r2=800735",
"refsource": "CONFIRM",
"tags": [],
"url": "http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/misc/apr_rmm.c?r1=647687\u0026r2=800735"
},
{
"name": "35949",
"refsource": "BID",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/35949"
},
{
"name": "36140",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36140"
},
{
"name": "http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/CHANGES?revision=800732\u0026view=markup",
"refsource": "CONFIRM",
"tags": [],
"url": "http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/CHANGES?revision=800732\u0026view=markup"
},
{
"name": "http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/memory/unix/apr_pools.c?r1=678140\u0026r2=800732",
"refsource": "CONFIRM",
"tags": [],
"url": "http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/memory/unix/apr_pools.c?r1=678140\u0026r2=800732"
},
{
"name": "MDVSA-2009:195",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:195"
},
{
"name": "56766",
"refsource": "OSVDB",
"tags": [],
"url": "http://osvdb.org/56766"
},
{
"name": "56765",
"refsource": "OSVDB",
"tags": [],
"url": "http://osvdb.org/56765"
},
{
"name": "USN-813-2",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/usn-813-2"
},
{
"name": "36166",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/36166"
},
{
"name": "FEDORA-2009-8360",
"refsource": "FEDORA",
"tags": [],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00353.html"
},
{
"name": "FEDORA-2009-8336",
"refsource": "FEDORA",
"tags": [],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00320.html"
},
{
"name": "36233",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/36233"
},
{
"name": "SUSE-SA:2009:050",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html"
},
{
"name": "37152",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/37152"
},
{
"name": "APPLE-SA-2009-11-09-1",
"refsource": "APPLE",
"tags": [],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT3937",
"refsource": "CONFIRM",
"tags": [],
"url": "http://support.apple.com/kb/HT3937"
},
{
"name": "ADV-2009-3184",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "37221",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/37221"
},
{
"name": "PK93225",
"refsource": "AIXAPAR",
"tags": [],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK93225"
},
{
"name": "PK99482",
"refsource": "AIXAPAR",
"tags": [],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99482"
},
{
"name": "SUSE-SR:2010:011",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"name": "ADV-2010-1107",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2010/1107"
},
{
"name": "oval:org.mitre.oval:def:9958",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9958"
},
{
"name": "oval:org.mitre.oval:def:8394",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8394"
},
{
"name": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"tags": [],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"tags": [],
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"tags": [],
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"tags": [],
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"tags": [],
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"tags": [],
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"tags": [],
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"tags": [],
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"tags": [],
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"tags": [],
"url": "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"tags": [],
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"tags": [],
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"tags": [],
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"tags": [],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"tags": [],
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"tags": [],
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"tags": [],
"url": "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"tags": [],
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"tags": [],
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"tags": [],
"url": "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2023-02-13T01:17Z",
"publishedDate": "2009-08-06T15:30Z"
}
}
}
ghsa-8g6v-29rv-3j6m
Vulnerability from github
Published
2022-05-02 03:35
Modified
2022-05-02 03:35
Details
Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.
{
"affected": [],
"aliases": [
"CVE-2009-2412"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-08-06T15:30:00Z",
"severity": "HIGH"
},
"details": "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.",
"id": "GHSA-8g6v-29rv-3j6m",
"modified": "2022-05-02T03:35:02Z",
"published": "2022-05-02T03:35:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2009:1204"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8394"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9958"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00320.html"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00353.html"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2009:1205"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2009:1462"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2009-2412"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"type": "WEB",
"url": "http://osvdb.org/56765"
},
{
"type": "WEB",
"url": "http://osvdb.org/56766"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/36138"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/36140"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/36166"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/36233"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/37152"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/37221"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT3937"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/CHANGES?revision=800736\u0026view=markup"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/misc/apr_rmm.c?r1=230441\u0026r2=800736"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/CHANGES?revision=800735\u0026view=markup"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/misc/apr_rmm.c?r1=647687\u0026r2=800735"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/CHANGES?revision=800733\u0026view=markup"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/memory/unix/apr_pools.c?r1=585356\u0026r2=800733"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/CHANGES?revision=800732\u0026view=markup"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/memory/unix/apr_pools.c?r1=678140\u0026r2=800732"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK93225"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99482"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:195"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/35949"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/usn-813-2"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1107"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.