Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2010-1429 (GCVE-0-2010-1429)
Vulnerability from cvelistv5 – Published: 2010-04-28 22:00 – Updated: 2024-08-07 01:21
VLAI?
EPSS
Summary
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:21:19.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2010:0379",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0379.html"
},
{
"name": "RHSA-2010:0378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0378.html"
},
{
"name": "HPSBMU02736",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2"
},
{
"name": "RHSA-2010:0376",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0376.html"
},
{
"name": "RHSA-2010:0377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0377.html"
},
{
"name": "jboss-status-servlet-information-disclosure(58149)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58149"
},
{
"name": "SSRT100699",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2"
},
{
"name": "ADV-2010-0992",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0992"
},
{
"name": "44009",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44009/"
},
{
"name": "39710",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39710"
},
{
"name": "39563",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39563"
},
{
"name": "1023918",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023918"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-12T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2010:0379",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0379.html"
},
{
"name": "RHSA-2010:0378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0378.html"
},
{
"name": "HPSBMU02736",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2"
},
{
"name": "RHSA-2010:0376",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0376.html"
},
{
"name": "RHSA-2010:0377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0377.html"
},
{
"name": "jboss-status-servlet-information-disclosure(58149)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58149"
},
{
"name": "SSRT100699",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2"
},
{
"name": "ADV-2010-0992",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0992"
},
{
"name": "44009",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44009/"
},
{
"name": "39710",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39710"
},
{
"name": "39563",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39563"
},
{
"name": "1023918",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023918"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-1429",
"datePublished": "2010-04-28T22:00:00",
"dateReserved": "2010-04-15T00:00:00",
"dateUpdated": "2024-08-07T01:21:19.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:cp08:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.2.0\", \"matchCriteriaId\": \"E8E0B7BE-9F4D-4083-B08A-13CA20422820\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:cp07:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.3.0\", \"matchCriteriaId\": \"4906489F-828A-4351-8D5B-A989CED8E4A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9830D64-C46F-4423-BE0B-0B1FDB765D62\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp01:*:*:*:*:*:*\", \"matchCriteriaId\": \"599FBAC3-2E83-443B-AACB-99BBA896CB19\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp02:*:*:*:*:*:*\", \"matchCriteriaId\": \"43590B58-A1C7-4105-A00F-6C4F46A6CC5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp03:*:*:*:*:*:*\", \"matchCriteriaId\": \"A44F907E-AE57-4213-B001-A23319B72CF8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp04:*:*:*:*:*:*\", \"matchCriteriaId\": \"243ED156-851C-4897-AF59-86FCA5C9C66F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp05:*:*:*:*:*:*\", \"matchCriteriaId\": \"125BF8B0-AF1B-4FB1-9D41-D9FB30AE23FC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp06:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3E7C299-8A2D-4733-98AC-F6FA37CC1C6C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp07:*:*:*:*:*:*\", \"matchCriteriaId\": \"7398F80B-8318-40E7-A0EE-6CCF7E066C03\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4816097-6982-4FBA-BD34-3D24BCA5A56A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp01:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B3E4026-F98E-4AEB-9FE1-4FFBBF44AC55\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp02:*:*:*:*:*:*\", \"matchCriteriaId\": \"960A513A-CAFC-4B3D-ABD7-4659CF545C73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp03:*:*:*:*:*:*\", \"matchCriteriaId\": \"C2D8DC6D-5E39-4A53-8BB8-F998706D573F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp04:*:*:*:*:*:*\", \"matchCriteriaId\": \"3AA2D64E-D7E7-400D-AC7E-CB2045750791\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp05:*:*:*:*:*:*\", \"matchCriteriaId\": \"197F047B-E11C-4B79-B6C4-79B2C278A33F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp06:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCE383FE-3C03-4B4F-A2E6-AD673F8A44FE\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \\\"deployed web contexts\\\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.\"}, {\"lang\": \"es\", \"value\": \"Plataforma de aplicaci\\u00f3n Red Hat JBoss Enterprise (conocido como JBoss EAP r JBEAP) v4.2 anterior v4.2.0.CP09 y v4.3 anterior v4.3.0.CP08 permite a atacantes remotos obtener informaci\\u00f3n sensible \\\"deployed web contexts\\\" (Contextos web desarrollados) a trav\\u00e9s de peticiones a servlet de estado, como quedo demostrado con una petici\\u00f3n de cadena con full=true. NOTA: esta vulnerabilidad est\\u00e1 provocada por una regresi\\u00f3n del CVE-2008-3273.\"}]",
"id": "CVE-2010-1429",
"lastModified": "2024-11-21T01:14:23.987",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2010-04-28T22:30:00.840",
"references": "[{\"url\": \"http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/39563\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1023918\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/39710\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0992\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=585900\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/58149\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0376.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0377.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0378.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0379.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.exploit-db.com/exploits/44009/\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/39563\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1023918\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/39710\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0992\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=585900\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/58149\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0376.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0377.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0378.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0379.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.exploit-db.com/exploits/44009/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2010-1429\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2010-04-28T22:30:00.840\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \\\"deployed web contexts\\\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.\"},{\"lang\":\"es\",\"value\":\"Plataforma de aplicaci\u00f3n Red Hat JBoss Enterprise (conocido como JBoss EAP r JBEAP) v4.2 anterior v4.2.0.CP09 y v4.3 anterior v4.3.0.CP08 permite a atacantes remotos obtener informaci\u00f3n sensible \\\"deployed web contexts\\\" (Contextos web desarrollados) a trav\u00e9s de peticiones a servlet de estado, como quedo demostrado con una petici\u00f3n de cadena con full=true. NOTA: esta vulnerabilidad est\u00e1 provocada por una regresi\u00f3n del CVE-2008-3273.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:cp08:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.2.0\",\"matchCriteriaId\":\"E8E0B7BE-9F4D-4083-B08A-13CA20422820\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:cp07:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.3.0\",\"matchCriteriaId\":\"4906489F-828A-4351-8D5B-A989CED8E4A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9830D64-C46F-4423-BE0B-0B1FDB765D62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp01:*:*:*:*:*:*\",\"matchCriteriaId\":\"599FBAC3-2E83-443B-AACB-99BBA896CB19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp02:*:*:*:*:*:*\",\"matchCriteriaId\":\"43590B58-A1C7-4105-A00F-6C4F46A6CC5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp03:*:*:*:*:*:*\",\"matchCriteriaId\":\"A44F907E-AE57-4213-B001-A23319B72CF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp04:*:*:*:*:*:*\",\"matchCriteriaId\":\"243ED156-851C-4897-AF59-86FCA5C9C66F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp05:*:*:*:*:*:*\",\"matchCriteriaId\":\"125BF8B0-AF1B-4FB1-9D41-D9FB30AE23FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp06:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3E7C299-8A2D-4733-98AC-F6FA37CC1C6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp07:*:*:*:*:*:*\",\"matchCriteriaId\":\"7398F80B-8318-40E7-A0EE-6CCF7E066C03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4816097-6982-4FBA-BD34-3D24BCA5A56A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp01:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B3E4026-F98E-4AEB-9FE1-4FFBBF44AC55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp02:*:*:*:*:*:*\",\"matchCriteriaId\":\"960A513A-CAFC-4B3D-ABD7-4659CF545C73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp03:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2D8DC6D-5E39-4A53-8BB8-F998706D573F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp04:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AA2D64E-D7E7-400D-AC7E-CB2045750791\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp05:*:*:*:*:*:*\",\"matchCriteriaId\":\"197F047B-E11C-4B79-B6C4-79B2C278A33F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp06:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCE383FE-3C03-4B4F-A2E6-AD673F8A44FE\"}]}]}],\"references\":[{\"url\":\"http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/39563\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1023918\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/39710\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0992\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=585900\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/58149\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0376.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0377.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0378.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0379.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/44009/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/39563\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1023918\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/39710\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0992\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=585900\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/58149\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0376.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0377.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0378.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0379.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/44009/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
RHSA-2010_0378
Vulnerability from csaf_redhat - Published: 2010-04-27 03:55 - Updated: 2024-11-22 03:20Summary
Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0.CP09 update
Notes
Topic
Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix
three security issues and multiple bugs are now available for Red Hat
Enterprise Linux 5 as JBEAP 4.2.0.CP09.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
JBoss Enterprise Application Platform is the market leading platform for
innovative and scalable Java applications; integrating the JBoss
Application Server, with JBoss Hibernate and JBoss Seam into a complete,
simple enterprise solution.
This release of JBEAP for Red Hat Enterprise Linux 5 serves as a
replacement to JBEAP 4.2.0.CP08.
These updated packages include multiple bug fixes which are detailed in the
Release Notes. The Release Notes will be available shortly from the link
in the References section.
The following security issues are also fixed with this release:
The JMX Console configuration only specified an authentication requirement
for requests that used the GET and POST HTTP "verbs". A remote attacker
could create an HTTP request that does not specify GET or POST, causing it
to be executed by the default GET handler without authentication. This
release contains a JMX Console with an updated configuration that no longer
specifies the HTTP verbs. This means that the authentication requirement is
applied to all requests. (CVE-2010-0738)
For the CVE-2010-0738 issue, if an immediate upgrade is not possible or the
server deployment has been customized, a manual fix can be applied. Refer
to the "Security" subsection of the "Issues fixed in this release" section
(JBPAPP-3952) of the JBEAP Release Notes, linked to in the References, for
details. Contact Red Hat JBoss Support for advice before making the changes
noted in the Release Notes.
Red Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded
Security for responsibly reporting the CVE-2010-0738 issue.
Unauthenticated access to the JBoss Application Server Web Console
(/web-console) is blocked by default. However, it was found that this block
was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker
could use this flaw to gain access to sensitive information. This release
contains a Web Console with an updated configuration that now blocks all
unauthenticated access to it by default. (CVE-2010-1428)
The RHSA-2008:0827 update fixed an issue (CVE-2008-3273) where
unauthenticated users were able to access the status servlet; however, a
bug fix included in the RHSA-2009:0348 update re-introduced the issue. A
remote attacker could use this flaw to acquire details about deployed web
contexts. (CVE-2010-1429)
Warning: Before applying this update, please backup the JBEAP
"server/[configuration]/deploy/" directory, and any other customized
configuration files.
All users of JBEAP 4.2 on Red Hat Enterprise Linux 5 are advised to upgrade
to these updated packages.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix\nthree security issues and multiple bugs are now available for Red Hat\nEnterprise Linux 5 as JBEAP 4.2.0.CP09.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "JBoss Enterprise Application Platform is the market leading platform for\ninnovative and scalable Java applications; integrating the JBoss\nApplication Server, with JBoss Hibernate and JBoss Seam into a complete,\nsimple enterprise solution.\n\nThis release of JBEAP for Red Hat Enterprise Linux 5 serves as a\nreplacement to JBEAP 4.2.0.CP08.\n\nThese updated packages include multiple bug fixes which are detailed in the\nRelease Notes. The Release Notes will be available shortly from the link\nin the References section.\n\nThe following security issues are also fixed with this release:\n\nThe JMX Console configuration only specified an authentication requirement\nfor requests that used the GET and POST HTTP \"verbs\". A remote attacker\ncould create an HTTP request that does not specify GET or POST, causing it\nto be executed by the default GET handler without authentication. This\nrelease contains a JMX Console with an updated configuration that no longer\nspecifies the HTTP verbs. This means that the authentication requirement is\napplied to all requests. (CVE-2010-0738)\n\nFor the CVE-2010-0738 issue, if an immediate upgrade is not possible or the\nserver deployment has been customized, a manual fix can be applied. Refer\nto the \"Security\" subsection of the \"Issues fixed in this release\" section\n(JBPAPP-3952) of the JBEAP Release Notes, linked to in the References, for\ndetails. Contact Red Hat JBoss Support for advice before making the changes\nnoted in the Release Notes.\n\nRed Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded\nSecurity for responsibly reporting the CVE-2010-0738 issue.\n\nUnauthenticated access to the JBoss Application Server Web Console\n(/web-console) is blocked by default. However, it was found that this block\nwas incomplete, and only blocked GET and POST HTTP verbs. A remote attacker\ncould use this flaw to gain access to sensitive information. This release\ncontains a Web Console with an updated configuration that now blocks all\nunauthenticated access to it by default. (CVE-2010-1428)\n\nThe RHSA-2008:0827 update fixed an issue (CVE-2008-3273) where\nunauthenticated users were able to access the status servlet; however, a\nbug fix included in the RHSA-2009:0348 update re-introduced the issue. A\nremote attacker could use this flaw to acquire details about deployed web\ncontexts. (CVE-2010-1429)\n\nWarning: Before applying this update, please backup the JBEAP\n\"server/[configuration]/deploy/\" directory, and any other customized\nconfiguration files.\n\nAll users of JBEAP 4.2 on Red Hat Enterprise Linux 5 are advised to upgrade\nto these updated packages.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0378",
"url": "https://access.redhat.com/errata/RHSA-2010:0378"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp09/html-single/Release_Notes/index.html",
"url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp09/html-single/Release_Notes/index.html"
},
{
"category": "external",
"summary": "571835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=571835"
},
{
"category": "external",
"summary": "574105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"category": "external",
"summary": "585899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585899"
},
{
"category": "external",
"summary": "585900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0378.json"
}
],
"title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0.CP09 update",
"tracking": {
"current_release_date": "2024-11-22T03:20:08+00:00",
"generator": {
"date": "2024-11-22T03:20:08+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2010:0378",
"initial_release_date": "2010-04-27T03:55:00+00:00",
"revision_history": [
{
"date": "2010-04-27T03:55:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-04-26T23:55:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T03:20:08+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"product": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"product_id": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-aop@1.5.5-3.CP05.2.ep1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"product": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"product_id": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP10.0jpp.ep1.1.el5?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"product": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"product_id": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.12.GA_CP03.ep1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"product": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"product_id": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP13.0jpp.ep1.1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"product": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"product_id": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-3.SP2.ep1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"product": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"product_id": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"product": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"product_id": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP14.1.ep1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"product": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"product_id": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas@4.2.0-6.GA_CP09.6.ep1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"product": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"product_id": "jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam@1.2.1-1.ep1.24.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"product": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"product_id": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs@4.2.0-7.GA_CP09.ep1.4.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"product": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"product_id": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.10.1.el5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"product": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"product_id": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-aop@1.5.5-3.CP05.2.ep1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product_id": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-javadoc@3.2.4-1.SP1_CP10.0jpp.ep1.1.el5?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product_id": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP10.0jpp.ep1.1.el5?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product_id": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.12.GA_CP03.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product_id": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations-javadoc@3.3.1-1.12.GA_CP03.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"product": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"product_id": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP13.0jpp.ep1.1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"product": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"product_id": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-3.SP2.ep1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"product": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"product_id": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"product": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"product_id": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP14.1.ep1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product_id": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas@4.2.0-6.GA_CP09.6.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product": {
"name": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product_id": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-4.2.0.GA_CP09-bin@4.2.0-6.GA_CP09.6.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product": {
"name": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product_id": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-client@4.2.0-6.GA_CP09.6.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"product": {
"name": "jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"product_id": "jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam-docs@1.2.1-1.ep1.24.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"product": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"product_id": "jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam@1.2.1-1.ep1.24.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"product": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"product_id": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs@4.2.0-7.GA_CP09.ep1.4.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"product": {
"name": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"product_id": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs-examples@4.2.0-7.GA_CP09.ep1.4.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"product": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"product_id": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.10.1.el5?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch"
},
"product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch"
},
"product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch"
},
"product_reference": "jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src"
},
"product_reference": "jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch"
},
"product_reference": "jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch"
},
"product_reference": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src"
},
"product_reference": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch"
},
"product_reference": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch"
},
"product_reference": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
},
"product_reference": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src"
},
"product_reference": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
},
"product_reference": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Stefano Di Paola",
"Giorgio Fedon"
],
"organization": "Minded Security"
}
],
"cve": "CVE-2010-0738",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2010-03-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "574105"
}
],
"notes": [
{
"category": "description",
"text": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application\u0027s GET handler by using a different method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBoss EAP jmx authentication bypass with crafted HTTP request",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0738"
},
{
"category": "external",
"summary": "RHBZ#574105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0738",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0738"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738"
},
{
"category": "external",
"summary": "https://access.redhat.com/kb/docs/DOC-30741",
"url": "https://access.redhat.com/kb/docs/DOC-30741"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:55:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0378"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "JBoss EAP jmx authentication bypass with crafted HTTP request"
},
{
"cve": "CVE-2010-1428",
"discovery_date": "2010-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "585899"
}
],
"notes": [
{
"category": "description",
"text": "The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBoss Application Server Web Console Authentication bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1428"
},
{
"category": "external",
"summary": "RHBZ#585899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585899"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1428",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1428"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:55:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0378"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Low"
}
],
"title": "JBoss Application Server Web Console Authentication bypass"
},
{
"cve": "CVE-2010-1429",
"discovery_date": "2010-02-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "585900"
}
],
"notes": [
{
"category": "description",
"text": "Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBossEAP status servlet info leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1429"
},
{
"category": "external",
"summary": "RHBZ#585900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1429",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1429"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:55:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0378"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "JBossEAP status servlet info leak"
}
]
}
RHSA-2010:0379
Vulnerability from csaf_redhat - Published: 2010-04-27 04:15 - Updated: 2025-11-21 17:36Summary
Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0.CP08 update
Notes
Topic
Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix
three security issues and multiple bugs are now available for Red Hat
Enterprise Linux 5 as JBEAP 4.3.0.CP08.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
JBoss Enterprise Application Platform is the market leading platform for
innovative and scalable Java applications; integrating the JBoss
Application Server, with JBoss Hibernate and JBoss Seam into a complete,
simple enterprise solution.
This release of JBEAP for Red Hat Enterprise Linux 5 serves as a
replacement to JBEAP 4.3.0.CP07.
These updated packages include multiple bug fixes which are detailed in the
Release Notes. The Release Notes will be available shortly from the link
in the References section.
The following security issues are also fixed with this release:
The JMX Console configuration only specified an authentication requirement
for requests that used the GET and POST HTTP "verbs". A remote attacker
could create an HTTP request that does not specify GET or POST, causing it
to be executed by the default GET handler without authentication. This
release contains a JMX Console with an updated configuration that no longer
specifies the HTTP verbs. This means that the authentication requirement is
applied to all requests. (CVE-2010-0738)
For the CVE-2010-0738 issue, if an immediate upgrade is not possible or the
server deployment has been customized, a manual fix can be applied. Refer
to the "Security" subsection of the "Issues fixed in this release" section
(JBPAPP-3952) of the JBEAP Release Notes, linked to in the References, for
details. Contact Red Hat JBoss Support for advice before making the changes
noted in the Release Notes.
Red Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded
Security for responsibly reporting the CVE-2010-0738 issue.
Unauthenticated access to the JBoss Application Server Web Console
(/web-console) is blocked by default. However, it was found that this block
was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker
could use this flaw to gain access to sensitive information. This release
contains a Web Console with an updated configuration that now blocks all
unauthenticated access to it by default. (CVE-2010-1428)
The RHSA-2008:0828 update fixed an issue (CVE-2008-3273) where
unauthenticated users were able to access the status servlet; however, a
bug fix included in the RHSA-2009:0349 update re-introduced the issue. A
remote attacker could use this flaw to acquire details about deployed web
contexts. (CVE-2010-1429)
Warning: Before applying this update, please backup the JBEAP
"server/[configuration]/deploy/" directory, and any other customized
configuration files.
All users of JBEAP 4.3 on Red Hat Enterprise Linux 5 are advised to upgrade
to these updated packages.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix\nthree security issues and multiple bugs are now available for Red Hat\nEnterprise Linux 5 as JBEAP 4.3.0.CP08.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "JBoss Enterprise Application Platform is the market leading platform for\ninnovative and scalable Java applications; integrating the JBoss\nApplication Server, with JBoss Hibernate and JBoss Seam into a complete,\nsimple enterprise solution.\n\nThis release of JBEAP for Red Hat Enterprise Linux 5 serves as a\nreplacement to JBEAP 4.3.0.CP07.\n\nThese updated packages include multiple bug fixes which are detailed in the\nRelease Notes. The Release Notes will be available shortly from the link\nin the References section.\n\nThe following security issues are also fixed with this release:\n\nThe JMX Console configuration only specified an authentication requirement\nfor requests that used the GET and POST HTTP \"verbs\". A remote attacker\ncould create an HTTP request that does not specify GET or POST, causing it\nto be executed by the default GET handler without authentication. This\nrelease contains a JMX Console with an updated configuration that no longer\nspecifies the HTTP verbs. This means that the authentication requirement is\napplied to all requests. (CVE-2010-0738)\n\nFor the CVE-2010-0738 issue, if an immediate upgrade is not possible or the\nserver deployment has been customized, a manual fix can be applied. Refer\nto the \"Security\" subsection of the \"Issues fixed in this release\" section\n(JBPAPP-3952) of the JBEAP Release Notes, linked to in the References, for\ndetails. Contact Red Hat JBoss Support for advice before making the changes\nnoted in the Release Notes.\n\nRed Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded\nSecurity for responsibly reporting the CVE-2010-0738 issue.\n\nUnauthenticated access to the JBoss Application Server Web Console\n(/web-console) is blocked by default. However, it was found that this block\nwas incomplete, and only blocked GET and POST HTTP verbs. A remote attacker\ncould use this flaw to gain access to sensitive information. This release\ncontains a Web Console with an updated configuration that now blocks all\nunauthenticated access to it by default. (CVE-2010-1428)\n\nThe RHSA-2008:0828 update fixed an issue (CVE-2008-3273) where\nunauthenticated users were able to access the status servlet; however, a\nbug fix included in the RHSA-2009:0349 update re-introduced the issue. A\nremote attacker could use this flaw to acquire details about deployed web\ncontexts. (CVE-2010-1429)\n\nWarning: Before applying this update, please backup the JBEAP\n\"server/[configuration]/deploy/\" directory, and any other customized\nconfiguration files.\n\nAll users of JBEAP 4.3 on Red Hat Enterprise Linux 5 are advised to upgrade\nto these updated packages.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0379",
"url": "https://access.redhat.com/errata/RHSA-2010:0379"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp08/html-single/Release_Notes/index.html",
"url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp08/html-single/Release_Notes/index.html"
},
{
"category": "external",
"summary": "571905",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=571905"
},
{
"category": "external",
"summary": "574105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"category": "external",
"summary": "585899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585899"
},
{
"category": "external",
"summary": "585900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0379.json"
}
],
"title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0.CP08 update",
"tracking": {
"current_release_date": "2025-11-21T17:36:07+00:00",
"generator": {
"date": "2025-11-21T17:36:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2010:0379",
"initial_release_date": "2010-04-27T04:15:00+00:00",
"revision_history": [
{
"date": "2010-04-27T04:15:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-04-27T00:15:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:36:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"product": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"product_id": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-aop@1.5.5-3.CP05.2.ep1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"product": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"product_id": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossws@2.0.1-5.SP2_CP08.1.ep1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"product": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"product_id": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP10.0jpp.ep1.1.el5?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"product": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"product_id": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.12.GA_CP03.ep1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"product": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"product_id": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP13.0jpp.ep1.1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"product": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"product_id": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-3.SP2.ep1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"product": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"product_id": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"product": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"product_id": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP14.1.ep1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"product": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"product_id": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-messaging@1.4.0-3.SP3_CP10.2.ep1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"product": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"product_id": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs@4.3.0-7.GA_CP08.ep1.5.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"product": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"product_id": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas@4.3.0-7.GA_CP08.5.ep1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"product": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"product_id": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam@1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"product": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"product_id": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam2@2.0.2.FP-1.ep1.23.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"product": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"product_id": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.10.1.el5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"product": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"product_id": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-aop@1.5.5-3.CP05.2.ep1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"product": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"product_id": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossws@2.0.1-5.SP2_CP08.1.ep1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product_id": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-javadoc@3.2.4-1.SP1_CP10.0jpp.ep1.1.el5?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product_id": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP10.0jpp.ep1.1.el5?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product_id": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.12.GA_CP03.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product_id": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations-javadoc@3.3.1-1.12.GA_CP03.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"product": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"product_id": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP13.0jpp.ep1.1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"product": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"product_id": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-3.SP2.ep1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"product": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"product_id": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"product": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"product_id": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP14.1.ep1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"product": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"product_id": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-messaging@1.4.0-3.SP3_CP10.2.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"product": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"product_id": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs@4.3.0-7.GA_CP08.ep1.5.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"product": {
"name": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"product_id": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs-examples@4.3.0-7.GA_CP08.ep1.5.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product": {
"name": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product_id": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-4.3.0.GA_CP08-bin@4.3.0-7.GA_CP08.5.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product": {
"name": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product_id": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-client@4.3.0-7.GA_CP08.5.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product_id": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas@4.3.0-7.GA_CP08.5.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"product": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"product_id": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam@1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"product": {
"name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"product_id": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam-docs@1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"product": {
"name": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"product_id": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam2-docs@2.0.2.FP-1.ep1.23.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"product": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"product_id": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam2@2.0.2.FP-1.ep1.23.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"product": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"product_id": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.10.1.el5?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch"
},
"product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch"
},
"product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch"
},
"product_reference": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src"
},
"product_reference": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch"
},
"product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src"
},
"product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch"
},
"product_reference": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch"
},
"product_reference": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src"
},
"product_reference": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch"
},
"product_reference": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch"
},
"product_reference": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src"
},
"product_reference": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch"
},
"product_reference": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch"
},
"product_reference": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch"
},
"product_reference": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src"
},
"product_reference": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
},
"product_reference": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src"
},
"product_reference": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
},
"product_reference": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Stefano Di Paola",
"Giorgio Fedon"
],
"organization": "Minded Security"
}
],
"cve": "CVE-2010-0738",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2010-03-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "574105"
}
],
"notes": [
{
"category": "description",
"text": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application\u0027s GET handler by using a different method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBoss EAP jmx authentication bypass with crafted HTTP request",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0738"
},
{
"category": "external",
"summary": "RHBZ#574105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0738",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0738"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738"
},
{
"category": "external",
"summary": "https://access.redhat.com/kb/docs/DOC-30741",
"url": "https://access.redhat.com/kb/docs/DOC-30741"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T04:15:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0379"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "JBoss EAP jmx authentication bypass with crafted HTTP request"
},
{
"cve": "CVE-2010-1428",
"discovery_date": "2010-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "585899"
}
],
"notes": [
{
"category": "description",
"text": "The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBoss Application Server Web Console Authentication bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1428"
},
{
"category": "external",
"summary": "RHBZ#585899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585899"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1428",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1428"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T04:15:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0379"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Low"
}
],
"title": "JBoss Application Server Web Console Authentication bypass"
},
{
"cve": "CVE-2010-1429",
"discovery_date": "2010-02-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "585900"
}
],
"notes": [
{
"category": "description",
"text": "Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBossEAP status servlet info leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1429"
},
{
"category": "external",
"summary": "RHBZ#585900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1429",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1429"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T04:15:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0379"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "JBossEAP status servlet info leak"
}
]
}
RHSA-2010_0377
Vulnerability from csaf_redhat - Published: 2010-04-27 03:39 - Updated: 2024-11-22 03:20Summary
Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0.CP08 update
Notes
Topic
Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix
three security issues and multiple bugs are now available for Red Hat
Enterprise Linux 4 as JBEAP 4.3.0.CP08.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
JBoss Enterprise Application Platform is the market leading platform for
innovative and scalable Java applications; integrating the JBoss
Application Server, with JBoss Hibernate and JBoss Seam into a complete,
simple enterprise solution.
This release of JBEAP for Red Hat Enterprise Linux 4 serves as a
replacement to JBEAP 4.3.0.CP07.
These updated packages include multiple bug fixes which are detailed in the
Release Notes. The Release Notes will be available shortly from the link
in the References section.
The following security issues are also fixed with this release:
The JMX Console configuration only specified an authentication requirement
for requests that used the GET and POST HTTP "verbs". A remote attacker
could create an HTTP request that does not specify GET or POST, causing it
to be executed by the default GET handler without authentication. This
release contains a JMX Console with an updated configuration that no longer
specifies the HTTP verbs. This means that the authentication requirement is
applied to all requests. (CVE-2010-0738)
For the CVE-2010-0738 issue, if an immediate upgrade is not possible or the
server deployment has been customized, a manual fix can be applied. Refer
to the "Security" subsection of the "Issues fixed in this release" section
(JBPAPP-3952) of the JBEAP Release Notes, linked to in the References, for
details. Contact Red Hat JBoss Support for advice before making the changes
noted in the Release Notes.
Red Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded
Security for responsibly reporting the CVE-2010-0738 issue.
Unauthenticated access to the JBoss Application Server Web Console
(/web-console) is blocked by default. However, it was found that this block
was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker
could use this flaw to gain access to sensitive information. This release
contains a Web Console with an updated configuration that now blocks all
unauthenticated access to it by default. (CVE-2010-1428)
The RHSA-2008:0826 update fixed an issue (CVE-2008-3273) where
unauthenticated users were able to access the status servlet; however, a
bug fix included in the RHSA-2009:0347 update re-introduced the issue. A
remote attacker could use this flaw to acquire details about deployed web
contexts. (CVE-2010-1429)
Warning: Before applying this update, please backup the JBEAP
"server/[configuration]/deploy/" directory, and any other customized
configuration files.
All users of JBEAP 4.3 on Red Hat Enterprise Linux 4 are advised to upgrade
to these updated packages.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix\nthree security issues and multiple bugs are now available for Red Hat\nEnterprise Linux 4 as JBEAP 4.3.0.CP08.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "JBoss Enterprise Application Platform is the market leading platform for\ninnovative and scalable Java applications; integrating the JBoss\nApplication Server, with JBoss Hibernate and JBoss Seam into a complete,\nsimple enterprise solution.\n\nThis release of JBEAP for Red Hat Enterprise Linux 4 serves as a\nreplacement to JBEAP 4.3.0.CP07.\n\nThese updated packages include multiple bug fixes which are detailed in the\nRelease Notes. The Release Notes will be available shortly from the link\nin the References section.\n\nThe following security issues are also fixed with this release:\n\nThe JMX Console configuration only specified an authentication requirement\nfor requests that used the GET and POST HTTP \"verbs\". A remote attacker\ncould create an HTTP request that does not specify GET or POST, causing it\nto be executed by the default GET handler without authentication. This\nrelease contains a JMX Console with an updated configuration that no longer\nspecifies the HTTP verbs. This means that the authentication requirement is\napplied to all requests. (CVE-2010-0738)\n\nFor the CVE-2010-0738 issue, if an immediate upgrade is not possible or the\nserver deployment has been customized, a manual fix can be applied. Refer\nto the \"Security\" subsection of the \"Issues fixed in this release\" section\n(JBPAPP-3952) of the JBEAP Release Notes, linked to in the References, for\ndetails. Contact Red Hat JBoss Support for advice before making the changes\nnoted in the Release Notes.\n\nRed Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded\nSecurity for responsibly reporting the CVE-2010-0738 issue.\n\nUnauthenticated access to the JBoss Application Server Web Console\n(/web-console) is blocked by default. However, it was found that this block\nwas incomplete, and only blocked GET and POST HTTP verbs. A remote attacker\ncould use this flaw to gain access to sensitive information. This release\ncontains a Web Console with an updated configuration that now blocks all\nunauthenticated access to it by default. (CVE-2010-1428)\n\nThe RHSA-2008:0826 update fixed an issue (CVE-2008-3273) where\nunauthenticated users were able to access the status servlet; however, a\nbug fix included in the RHSA-2009:0347 update re-introduced the issue. A\nremote attacker could use this flaw to acquire details about deployed web\ncontexts. (CVE-2010-1429)\n\nWarning: Before applying this update, please backup the JBEAP\n\"server/[configuration]/deploy/\" directory, and any other customized\nconfiguration files.\n\nAll users of JBEAP 4.3 on Red Hat Enterprise Linux 4 are advised to upgrade\nto these updated packages.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0377",
"url": "https://access.redhat.com/errata/RHSA-2010:0377"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp08/html-single/Release_Notes/index.html",
"url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp08/html-single/Release_Notes/index.html"
},
{
"category": "external",
"summary": "571828",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=571828"
},
{
"category": "external",
"summary": "574105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"category": "external",
"summary": "585899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585899"
},
{
"category": "external",
"summary": "585900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0377.json"
}
],
"title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0.CP08 update",
"tracking": {
"current_release_date": "2024-11-22T03:20:03+00:00",
"generator": {
"date": "2024-11-22T03:20:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2010:0377",
"initial_release_date": "2010-04-27T03:39:00+00:00",
"revision_history": [
{
"date": "2010-04-27T03:39:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-04-26T23:39:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T03:20:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"product": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"product_id": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP09.1jpp.ep1.1.el4?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"product": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"product_id": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossws@2.0.1-5.SP2_CP08.1.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"product": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"product_id": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-aop@1.5.5-3.CP05.2.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"product": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"product_id": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP13.0jpp.ep1.1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"product": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"product_id": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-3.SP2.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"product": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"product_id": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP14.1.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"product": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"product_id": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-messaging@1.4.0-3.SP3_CP10.2.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"product": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"product_id": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP10.0jpp.ep1.1.el4?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"product": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"product_id": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.12.GA_CP03.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"product": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"product_id": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.0.1-1.patch01.1jpp.ep1.4.el4?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"product": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"product_id": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hsqldb@1.8.0.8-3.patch03.1jpp.ep1.3.el4?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"product": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"product_id": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam@1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"product": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"product_id": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam2@2.0.2.FP-1.ep1.23.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"product": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"product_id": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs@4.3.0-7.GA_CP08.ep1.6.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"product": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"product_id": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas@4.3.0-7.GA_CP08.5.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"product": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"product_id": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.10.el4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"product": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"product_id": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP09.1jpp.ep1.1.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"product": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"product_id": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossws@2.0.1-5.SP2_CP08.1.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"product": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"product_id": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-aop@1.5.5-3.CP05.2.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"product": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"product_id": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP13.0jpp.ep1.1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"product": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"product_id": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-3.SP2.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"product": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"product_id": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP14.1.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"product": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"product_id": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-messaging@1.4.0-3.SP3_CP10.2.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product_id": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-javadoc@3.2.4-1.SP1_CP10.0jpp.ep1.1.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product_id": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP10.0jpp.ep1.1.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product_id": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.12.GA_CP03.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product_id": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations-javadoc@3.3.1-1.12.GA_CP03.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"product": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"product_id": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.0.1-1.patch01.1jpp.ep1.4.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"product": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"product_id": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hsqldb@1.8.0.8-3.patch03.1jpp.ep1.3.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"product": {
"name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"product_id": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam-docs@1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"product": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"product_id": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam@1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"product": {
"name": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"product_id": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam2-docs@2.0.2.FP-1.ep1.23.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"product": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"product_id": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam2@2.0.2.FP-1.ep1.23.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"product": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"product_id": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs@4.3.0-7.GA_CP08.ep1.6.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"product": {
"name": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"product_id": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs-examples@4.3.0-7.GA_CP08.ep1.6.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product_id": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas@4.3.0-7.GA_CP08.5.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product": {
"name": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product_id": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-4.3.0.GA_CP08-bin@4.3.0-7.GA_CP08.5.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product": {
"name": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product_id": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-client@4.3.0-7.GA_CP08.5.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"product": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"product_id": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.10.el4?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch"
},
"product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch"
},
"product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch"
},
"product_reference": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src"
},
"product_reference": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch"
},
"product_reference": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src"
},
"product_reference": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch"
},
"product_reference": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src"
},
"product_reference": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch"
},
"product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src"
},
"product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch"
},
"product_reference": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch"
},
"product_reference": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src"
},
"product_reference": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch"
},
"product_reference": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch"
},
"product_reference": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src"
},
"product_reference": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch"
},
"product_reference": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch"
},
"product_reference": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch"
},
"product_reference": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src"
},
"product_reference": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
},
"product_reference": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src"
},
"product_reference": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
},
"product_reference": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch"
},
"product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch"
},
"product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch"
},
"product_reference": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src"
},
"product_reference": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch"
},
"product_reference": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src"
},
"product_reference": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch"
},
"product_reference": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src"
},
"product_reference": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch"
},
"product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src"
},
"product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch"
},
"product_reference": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch"
},
"product_reference": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src"
},
"product_reference": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch"
},
"product_reference": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch"
},
"product_reference": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src"
},
"product_reference": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch"
},
"product_reference": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch"
},
"product_reference": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch"
},
"product_reference": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src"
},
"product_reference": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
},
"product_reference": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src"
},
"product_reference": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
},
"product_reference": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Stefano Di Paola",
"Giorgio Fedon"
],
"organization": "Minded Security"
}
],
"cve": "CVE-2010-0738",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2010-03-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "574105"
}
],
"notes": [
{
"category": "description",
"text": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application\u0027s GET handler by using a different method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBoss EAP jmx authentication bypass with crafted HTTP request",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0738"
},
{
"category": "external",
"summary": "RHBZ#574105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0738",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0738"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738"
},
{
"category": "external",
"summary": "https://access.redhat.com/kb/docs/DOC-30741",
"url": "https://access.redhat.com/kb/docs/DOC-30741"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:39:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "JBoss EAP jmx authentication bypass with crafted HTTP request"
},
{
"cve": "CVE-2010-1428",
"discovery_date": "2010-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "585899"
}
],
"notes": [
{
"category": "description",
"text": "The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBoss Application Server Web Console Authentication bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1428"
},
{
"category": "external",
"summary": "RHBZ#585899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585899"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1428",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1428"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:39:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Low"
}
],
"title": "JBoss Application Server Web Console Authentication bypass"
},
{
"cve": "CVE-2010-1429",
"discovery_date": "2010-02-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "585900"
}
],
"notes": [
{
"category": "description",
"text": "Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBossEAP status servlet info leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1429"
},
{
"category": "external",
"summary": "RHBZ#585900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1429",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1429"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:39:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "JBossEAP status servlet info leak"
}
]
}
RHSA-2010_0379
Vulnerability from csaf_redhat - Published: 2010-04-27 04:15 - Updated: 2024-11-22 03:20Summary
Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0.CP08 update
Notes
Topic
Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix
three security issues and multiple bugs are now available for Red Hat
Enterprise Linux 5 as JBEAP 4.3.0.CP08.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
JBoss Enterprise Application Platform is the market leading platform for
innovative and scalable Java applications; integrating the JBoss
Application Server, with JBoss Hibernate and JBoss Seam into a complete,
simple enterprise solution.
This release of JBEAP for Red Hat Enterprise Linux 5 serves as a
replacement to JBEAP 4.3.0.CP07.
These updated packages include multiple bug fixes which are detailed in the
Release Notes. The Release Notes will be available shortly from the link
in the References section.
The following security issues are also fixed with this release:
The JMX Console configuration only specified an authentication requirement
for requests that used the GET and POST HTTP "verbs". A remote attacker
could create an HTTP request that does not specify GET or POST, causing it
to be executed by the default GET handler without authentication. This
release contains a JMX Console with an updated configuration that no longer
specifies the HTTP verbs. This means that the authentication requirement is
applied to all requests. (CVE-2010-0738)
For the CVE-2010-0738 issue, if an immediate upgrade is not possible or the
server deployment has been customized, a manual fix can be applied. Refer
to the "Security" subsection of the "Issues fixed in this release" section
(JBPAPP-3952) of the JBEAP Release Notes, linked to in the References, for
details. Contact Red Hat JBoss Support for advice before making the changes
noted in the Release Notes.
Red Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded
Security for responsibly reporting the CVE-2010-0738 issue.
Unauthenticated access to the JBoss Application Server Web Console
(/web-console) is blocked by default. However, it was found that this block
was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker
could use this flaw to gain access to sensitive information. This release
contains a Web Console with an updated configuration that now blocks all
unauthenticated access to it by default. (CVE-2010-1428)
The RHSA-2008:0828 update fixed an issue (CVE-2008-3273) where
unauthenticated users were able to access the status servlet; however, a
bug fix included in the RHSA-2009:0349 update re-introduced the issue. A
remote attacker could use this flaw to acquire details about deployed web
contexts. (CVE-2010-1429)
Warning: Before applying this update, please backup the JBEAP
"server/[configuration]/deploy/" directory, and any other customized
configuration files.
All users of JBEAP 4.3 on Red Hat Enterprise Linux 5 are advised to upgrade
to these updated packages.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix\nthree security issues and multiple bugs are now available for Red Hat\nEnterprise Linux 5 as JBEAP 4.3.0.CP08.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "JBoss Enterprise Application Platform is the market leading platform for\ninnovative and scalable Java applications; integrating the JBoss\nApplication Server, with JBoss Hibernate and JBoss Seam into a complete,\nsimple enterprise solution.\n\nThis release of JBEAP for Red Hat Enterprise Linux 5 serves as a\nreplacement to JBEAP 4.3.0.CP07.\n\nThese updated packages include multiple bug fixes which are detailed in the\nRelease Notes. The Release Notes will be available shortly from the link\nin the References section.\n\nThe following security issues are also fixed with this release:\n\nThe JMX Console configuration only specified an authentication requirement\nfor requests that used the GET and POST HTTP \"verbs\". A remote attacker\ncould create an HTTP request that does not specify GET or POST, causing it\nto be executed by the default GET handler without authentication. This\nrelease contains a JMX Console with an updated configuration that no longer\nspecifies the HTTP verbs. This means that the authentication requirement is\napplied to all requests. (CVE-2010-0738)\n\nFor the CVE-2010-0738 issue, if an immediate upgrade is not possible or the\nserver deployment has been customized, a manual fix can be applied. Refer\nto the \"Security\" subsection of the \"Issues fixed in this release\" section\n(JBPAPP-3952) of the JBEAP Release Notes, linked to in the References, for\ndetails. Contact Red Hat JBoss Support for advice before making the changes\nnoted in the Release Notes.\n\nRed Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded\nSecurity for responsibly reporting the CVE-2010-0738 issue.\n\nUnauthenticated access to the JBoss Application Server Web Console\n(/web-console) is blocked by default. However, it was found that this block\nwas incomplete, and only blocked GET and POST HTTP verbs. A remote attacker\ncould use this flaw to gain access to sensitive information. This release\ncontains a Web Console with an updated configuration that now blocks all\nunauthenticated access to it by default. (CVE-2010-1428)\n\nThe RHSA-2008:0828 update fixed an issue (CVE-2008-3273) where\nunauthenticated users were able to access the status servlet; however, a\nbug fix included in the RHSA-2009:0349 update re-introduced the issue. A\nremote attacker could use this flaw to acquire details about deployed web\ncontexts. (CVE-2010-1429)\n\nWarning: Before applying this update, please backup the JBEAP\n\"server/[configuration]/deploy/\" directory, and any other customized\nconfiguration files.\n\nAll users of JBEAP 4.3 on Red Hat Enterprise Linux 5 are advised to upgrade\nto these updated packages.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0379",
"url": "https://access.redhat.com/errata/RHSA-2010:0379"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp08/html-single/Release_Notes/index.html",
"url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp08/html-single/Release_Notes/index.html"
},
{
"category": "external",
"summary": "571905",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=571905"
},
{
"category": "external",
"summary": "574105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"category": "external",
"summary": "585899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585899"
},
{
"category": "external",
"summary": "585900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0379.json"
}
],
"title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0.CP08 update",
"tracking": {
"current_release_date": "2024-11-22T03:20:13+00:00",
"generator": {
"date": "2024-11-22T03:20:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2010:0379",
"initial_release_date": "2010-04-27T04:15:00+00:00",
"revision_history": [
{
"date": "2010-04-27T04:15:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-04-27T00:15:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T03:20:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"product": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"product_id": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-aop@1.5.5-3.CP05.2.ep1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"product": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"product_id": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossws@2.0.1-5.SP2_CP08.1.ep1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"product": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"product_id": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP10.0jpp.ep1.1.el5?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"product": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"product_id": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.12.GA_CP03.ep1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"product": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"product_id": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP13.0jpp.ep1.1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"product": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"product_id": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-3.SP2.ep1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"product": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"product_id": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"product": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"product_id": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP14.1.ep1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"product": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"product_id": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-messaging@1.4.0-3.SP3_CP10.2.ep1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"product": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"product_id": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs@4.3.0-7.GA_CP08.ep1.5.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"product": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"product_id": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas@4.3.0-7.GA_CP08.5.ep1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"product": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"product_id": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam@1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"product": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"product_id": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam2@2.0.2.FP-1.ep1.23.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"product": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"product_id": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.10.1.el5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"product": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"product_id": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-aop@1.5.5-3.CP05.2.ep1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"product": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"product_id": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossws@2.0.1-5.SP2_CP08.1.ep1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product_id": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-javadoc@3.2.4-1.SP1_CP10.0jpp.ep1.1.el5?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product_id": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP10.0jpp.ep1.1.el5?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product_id": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.12.GA_CP03.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product_id": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations-javadoc@3.3.1-1.12.GA_CP03.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"product": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"product_id": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP13.0jpp.ep1.1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"product": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"product_id": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-3.SP2.ep1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"product": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"product_id": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"product": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"product_id": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP14.1.ep1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"product": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"product_id": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-messaging@1.4.0-3.SP3_CP10.2.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"product": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"product_id": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs@4.3.0-7.GA_CP08.ep1.5.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"product": {
"name": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"product_id": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs-examples@4.3.0-7.GA_CP08.ep1.5.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product": {
"name": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product_id": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-4.3.0.GA_CP08-bin@4.3.0-7.GA_CP08.5.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product": {
"name": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product_id": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-client@4.3.0-7.GA_CP08.5.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product_id": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas@4.3.0-7.GA_CP08.5.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"product": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"product_id": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam@1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"product": {
"name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"product_id": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam-docs@1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"product": {
"name": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"product_id": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam2-docs@2.0.2.FP-1.ep1.23.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"product": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"product_id": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam2@2.0.2.FP-1.ep1.23.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"product": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"product_id": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.10.1.el5?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch"
},
"product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch"
},
"product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch"
},
"product_reference": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src"
},
"product_reference": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch"
},
"product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src"
},
"product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch"
},
"product_reference": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch"
},
"product_reference": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src"
},
"product_reference": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch"
},
"product_reference": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch"
},
"product_reference": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src"
},
"product_reference": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch"
},
"product_reference": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch"
},
"product_reference": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch"
},
"product_reference": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src"
},
"product_reference": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
},
"product_reference": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src"
},
"product_reference": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
},
"product_reference": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Stefano Di Paola",
"Giorgio Fedon"
],
"organization": "Minded Security"
}
],
"cve": "CVE-2010-0738",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2010-03-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "574105"
}
],
"notes": [
{
"category": "description",
"text": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application\u0027s GET handler by using a different method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBoss EAP jmx authentication bypass with crafted HTTP request",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0738"
},
{
"category": "external",
"summary": "RHBZ#574105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0738",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0738"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738"
},
{
"category": "external",
"summary": "https://access.redhat.com/kb/docs/DOC-30741",
"url": "https://access.redhat.com/kb/docs/DOC-30741"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T04:15:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0379"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "JBoss EAP jmx authentication bypass with crafted HTTP request"
},
{
"cve": "CVE-2010-1428",
"discovery_date": "2010-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "585899"
}
],
"notes": [
{
"category": "description",
"text": "The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBoss Application Server Web Console Authentication bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1428"
},
{
"category": "external",
"summary": "RHBZ#585899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585899"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1428",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1428"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T04:15:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0379"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Low"
}
],
"title": "JBoss Application Server Web Console Authentication bypass"
},
{
"cve": "CVE-2010-1429",
"discovery_date": "2010-02-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "585900"
}
],
"notes": [
{
"category": "description",
"text": "Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBossEAP status servlet info leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1429"
},
{
"category": "external",
"summary": "RHBZ#585900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1429",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1429"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T04:15:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0379"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5.src",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.src",
"5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el5.src",
"5Server-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5.src",
"5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch",
"5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5.src",
"5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.5.el5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "JBossEAP status servlet info leak"
}
]
}
RHSA-2010:0376
Vulnerability from csaf_redhat - Published: 2010-04-27 03:19 - Updated: 2025-11-21 17:36Summary
Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0.CP09 update
Notes
Topic
Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix
three security issues and multiple bugs are now available for Red Hat
Enterprise Linux 4 as JBEAP 4.2.0.CP09.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
JBoss Enterprise Application Platform is the market leading platform for
innovative and scalable Java applications; integrating the JBoss
Application Server, with JBoss Hibernate and JBoss Seam into a complete,
simple enterprise solution.
This release of JBEAP for Red Hat Enterprise Linux 4 serves as a
replacement to JBEAP 4.2.0.CP08.
These updated packages include multiple bug fixes which are detailed in the
Release Notes. The Release Notes will be available shortly from the link
in the References section.
The following security issues are also fixed with this release:
The JMX Console configuration only specified an authentication requirement
for requests that used the GET and POST HTTP "verbs". A remote attacker
could create an HTTP request that does not specify GET or POST, causing it
to be executed by the default GET handler without authentication. This
release contains a JMX Console with an updated configuration that no longer
specifies the HTTP verbs. This means that the authentication requirement is
applied to all requests. (CVE-2010-0738)
For the CVE-2010-0738 issue, if an immediate upgrade is not possible or the
server deployment has been customized, a manual fix can be applied. Refer
to the "Security" subsection of the "Issues fixed in this release" section
(JBPAPP-3952) of the JBEAP Release Notes, linked to in the References, for
details. Contact Red Hat JBoss Support for advice before making the changes
noted in the Release Notes.
Red Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded
Security for responsibly reporting the CVE-2010-0738 issue.
Unauthenticated access to the JBoss Application Server Web Console
(/web-console) is blocked by default. However, it was found that this block
was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker
could use this flaw to gain access to sensitive information. This release
contains a Web Console with an updated configuration that now blocks all
unauthenticated access to it by default. (CVE-2010-1428)
The RHSA-2008:0825 update fixed an issue (CVE-2008-3273) where
unauthenticated users were able to access the status servlet; however, a
bug fix included in the RHSA-2009:0346 update re-introduced the issue. A
remote attacker could use this flaw to acquire details about deployed web
contexts. (CVE-2010-1429)
Warning: Before applying this update, please backup the JBEAP
"server/[configuration]/deploy/" directory, and any other customized
configuration files.
All users of JBEAP 4.2 on Red Hat Enterprise Linux 4 are advised to upgrade
to these updated packages.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix\nthree security issues and multiple bugs are now available for Red Hat\nEnterprise Linux 4 as JBEAP 4.2.0.CP09.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "JBoss Enterprise Application Platform is the market leading platform for\ninnovative and scalable Java applications; integrating the JBoss\nApplication Server, with JBoss Hibernate and JBoss Seam into a complete,\nsimple enterprise solution.\n\nThis release of JBEAP for Red Hat Enterprise Linux 4 serves as a\nreplacement to JBEAP 4.2.0.CP08.\n\nThese updated packages include multiple bug fixes which are detailed in the\nRelease Notes. The Release Notes will be available shortly from the link\nin the References section.\n\nThe following security issues are also fixed with this release:\n\nThe JMX Console configuration only specified an authentication requirement\nfor requests that used the GET and POST HTTP \"verbs\". A remote attacker\ncould create an HTTP request that does not specify GET or POST, causing it\nto be executed by the default GET handler without authentication. This\nrelease contains a JMX Console with an updated configuration that no longer\nspecifies the HTTP verbs. This means that the authentication requirement is\napplied to all requests. (CVE-2010-0738)\n\nFor the CVE-2010-0738 issue, if an immediate upgrade is not possible or the\nserver deployment has been customized, a manual fix can be applied. Refer\nto the \"Security\" subsection of the \"Issues fixed in this release\" section\n(JBPAPP-3952) of the JBEAP Release Notes, linked to in the References, for\ndetails. Contact Red Hat JBoss Support for advice before making the changes\nnoted in the Release Notes.\n\nRed Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded\nSecurity for responsibly reporting the CVE-2010-0738 issue.\n\nUnauthenticated access to the JBoss Application Server Web Console\n(/web-console) is blocked by default. However, it was found that this block\nwas incomplete, and only blocked GET and POST HTTP verbs. A remote attacker\ncould use this flaw to gain access to sensitive information. This release\ncontains a Web Console with an updated configuration that now blocks all\nunauthenticated access to it by default. (CVE-2010-1428)\n\nThe RHSA-2008:0825 update fixed an issue (CVE-2008-3273) where\nunauthenticated users were able to access the status servlet; however, a\nbug fix included in the RHSA-2009:0346 update re-introduced the issue. A\nremote attacker could use this flaw to acquire details about deployed web\ncontexts. (CVE-2010-1429)\n\nWarning: Before applying this update, please backup the JBEAP\n\"server/[configuration]/deploy/\" directory, and any other customized\nconfiguration files.\n\nAll users of JBEAP 4.2 on Red Hat Enterprise Linux 4 are advised to upgrade\nto these updated packages.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0376",
"url": "https://access.redhat.com/errata/RHSA-2010:0376"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "571813",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=571813"
},
{
"category": "external",
"summary": "574105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"category": "external",
"summary": "585899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585899"
},
{
"category": "external",
"summary": "585900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"category": "external",
"summary": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp09/html-single/Release_Notes/index.html",
"url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp09/html-single/Release_Notes/index.html"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0376.json"
}
],
"title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0.CP09 update",
"tracking": {
"current_release_date": "2025-11-21T17:36:05+00:00",
"generator": {
"date": "2025-11-21T17:36:05+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2010:0376",
"initial_release_date": "2010-04-27T03:19:00+00:00",
"revision_history": [
{
"date": "2010-04-27T03:19:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-04-26T23:19:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:36:05+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"product": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"product_id": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP09.1jpp.ep1.1.el4?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"product": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"product_id": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-aop@1.5.5-3.CP05.2.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"product": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"product_id": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP13.0jpp.ep1.1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"product": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"product_id": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-3.SP2.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"product": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"product_id": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP14.1.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"product": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"product_id": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP10.0jpp.ep1.1.el4?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"product": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"product_id": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.12.GA_CP03.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"product": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"product_id": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.0.1-1.patch01.1jpp.ep1.4.el4?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"product": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"product_id": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hsqldb@1.8.0.8-3.patch03.1jpp.ep1.3.el4?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"product": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"product_id": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas@4.2.0-6.GA_CP09.6.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"product": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"product_id": "jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam@1.2.1-1.ep1.24.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"product": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"product_id": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs@4.2.0-7.GA_CP09.ep1.5.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"product": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"product_id": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.10.el4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"product": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"product_id": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP09.1jpp.ep1.1.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"product": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"product_id": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-aop@1.5.5-3.CP05.2.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"product": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"product_id": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP13.0jpp.ep1.1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"product": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"product_id": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-3.SP2.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"product": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"product_id": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP14.1.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product_id": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-javadoc@3.2.4-1.SP1_CP10.0jpp.ep1.1.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product_id": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP10.0jpp.ep1.1.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product_id": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.12.GA_CP03.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product_id": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations-javadoc@3.3.1-1.12.GA_CP03.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"product": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"product_id": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.0.1-1.patch01.1jpp.ep1.4.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"product": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"product_id": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hsqldb@1.8.0.8-3.patch03.1jpp.ep1.3.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product_id": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas@4.2.0-6.GA_CP09.6.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product": {
"name": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product_id": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-4.2.0.GA_CP09-bin@4.2.0-6.GA_CP09.6.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product": {
"name": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product_id": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-client@4.2.0-6.GA_CP09.6.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"product": {
"name": "jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"product_id": "jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam-docs@1.2.1-1.ep1.24.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"product": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"product_id": "jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam@1.2.1-1.ep1.24.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"product": {
"name": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"product_id": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs-examples@4.2.0-7.GA_CP09.ep1.5.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"product": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"product_id": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs@4.2.0-7.GA_CP09.ep1.5.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"product": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"product_id": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.10.el4?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch"
},
"product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch"
},
"product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch"
},
"product_reference": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src"
},
"product_reference": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch"
},
"product_reference": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src"
},
"product_reference": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch"
},
"product_reference": "jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src"
},
"product_reference": "jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch"
},
"product_reference": "jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch"
},
"product_reference": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src"
},
"product_reference": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch"
},
"product_reference": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch"
},
"product_reference": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
},
"product_reference": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src"
},
"product_reference": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
},
"product_reference": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch"
},
"product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch"
},
"product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch"
},
"product_reference": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src"
},
"product_reference": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch"
},
"product_reference": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src"
},
"product_reference": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch"
},
"product_reference": "jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src"
},
"product_reference": "jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch"
},
"product_reference": "jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch"
},
"product_reference": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src"
},
"product_reference": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch"
},
"product_reference": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch"
},
"product_reference": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
},
"product_reference": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src"
},
"product_reference": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
},
"product_reference": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Stefano Di Paola",
"Giorgio Fedon"
],
"organization": "Minded Security"
}
],
"cve": "CVE-2010-0738",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2010-03-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "574105"
}
],
"notes": [
{
"category": "description",
"text": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application\u0027s GET handler by using a different method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBoss EAP jmx authentication bypass with crafted HTTP request",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0738"
},
{
"category": "external",
"summary": "RHBZ#574105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0738",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0738"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738"
},
{
"category": "external",
"summary": "https://access.redhat.com/kb/docs/DOC-30741",
"url": "https://access.redhat.com/kb/docs/DOC-30741"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:19:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0376"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "JBoss EAP jmx authentication bypass with crafted HTTP request"
},
{
"cve": "CVE-2010-1428",
"discovery_date": "2010-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "585899"
}
],
"notes": [
{
"category": "description",
"text": "The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBoss Application Server Web Console Authentication bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1428"
},
{
"category": "external",
"summary": "RHBZ#585899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585899"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1428",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1428"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:19:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0376"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Low"
}
],
"title": "JBoss Application Server Web Console Authentication bypass"
},
{
"cve": "CVE-2010-1429",
"discovery_date": "2010-02-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "585900"
}
],
"notes": [
{
"category": "description",
"text": "Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBossEAP status servlet info leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1429"
},
{
"category": "external",
"summary": "RHBZ#585900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1429",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1429"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:19:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0376"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "JBossEAP status servlet info leak"
}
]
}
RHSA-2010:0377
Vulnerability from csaf_redhat - Published: 2010-04-27 03:39 - Updated: 2025-11-21 17:36Summary
Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0.CP08 update
Notes
Topic
Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix
three security issues and multiple bugs are now available for Red Hat
Enterprise Linux 4 as JBEAP 4.3.0.CP08.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
JBoss Enterprise Application Platform is the market leading platform for
innovative and scalable Java applications; integrating the JBoss
Application Server, with JBoss Hibernate and JBoss Seam into a complete,
simple enterprise solution.
This release of JBEAP for Red Hat Enterprise Linux 4 serves as a
replacement to JBEAP 4.3.0.CP07.
These updated packages include multiple bug fixes which are detailed in the
Release Notes. The Release Notes will be available shortly from the link
in the References section.
The following security issues are also fixed with this release:
The JMX Console configuration only specified an authentication requirement
for requests that used the GET and POST HTTP "verbs". A remote attacker
could create an HTTP request that does not specify GET or POST, causing it
to be executed by the default GET handler without authentication. This
release contains a JMX Console with an updated configuration that no longer
specifies the HTTP verbs. This means that the authentication requirement is
applied to all requests. (CVE-2010-0738)
For the CVE-2010-0738 issue, if an immediate upgrade is not possible or the
server deployment has been customized, a manual fix can be applied. Refer
to the "Security" subsection of the "Issues fixed in this release" section
(JBPAPP-3952) of the JBEAP Release Notes, linked to in the References, for
details. Contact Red Hat JBoss Support for advice before making the changes
noted in the Release Notes.
Red Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded
Security for responsibly reporting the CVE-2010-0738 issue.
Unauthenticated access to the JBoss Application Server Web Console
(/web-console) is blocked by default. However, it was found that this block
was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker
could use this flaw to gain access to sensitive information. This release
contains a Web Console with an updated configuration that now blocks all
unauthenticated access to it by default. (CVE-2010-1428)
The RHSA-2008:0826 update fixed an issue (CVE-2008-3273) where
unauthenticated users were able to access the status servlet; however, a
bug fix included in the RHSA-2009:0347 update re-introduced the issue. A
remote attacker could use this flaw to acquire details about deployed web
contexts. (CVE-2010-1429)
Warning: Before applying this update, please backup the JBEAP
"server/[configuration]/deploy/" directory, and any other customized
configuration files.
All users of JBEAP 4.3 on Red Hat Enterprise Linux 4 are advised to upgrade
to these updated packages.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix\nthree security issues and multiple bugs are now available for Red Hat\nEnterprise Linux 4 as JBEAP 4.3.0.CP08.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "JBoss Enterprise Application Platform is the market leading platform for\ninnovative and scalable Java applications; integrating the JBoss\nApplication Server, with JBoss Hibernate and JBoss Seam into a complete,\nsimple enterprise solution.\n\nThis release of JBEAP for Red Hat Enterprise Linux 4 serves as a\nreplacement to JBEAP 4.3.0.CP07.\n\nThese updated packages include multiple bug fixes which are detailed in the\nRelease Notes. The Release Notes will be available shortly from the link\nin the References section.\n\nThe following security issues are also fixed with this release:\n\nThe JMX Console configuration only specified an authentication requirement\nfor requests that used the GET and POST HTTP \"verbs\". A remote attacker\ncould create an HTTP request that does not specify GET or POST, causing it\nto be executed by the default GET handler without authentication. This\nrelease contains a JMX Console with an updated configuration that no longer\nspecifies the HTTP verbs. This means that the authentication requirement is\napplied to all requests. (CVE-2010-0738)\n\nFor the CVE-2010-0738 issue, if an immediate upgrade is not possible or the\nserver deployment has been customized, a manual fix can be applied. Refer\nto the \"Security\" subsection of the \"Issues fixed in this release\" section\n(JBPAPP-3952) of the JBEAP Release Notes, linked to in the References, for\ndetails. Contact Red Hat JBoss Support for advice before making the changes\nnoted in the Release Notes.\n\nRed Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded\nSecurity for responsibly reporting the CVE-2010-0738 issue.\n\nUnauthenticated access to the JBoss Application Server Web Console\n(/web-console) is blocked by default. However, it was found that this block\nwas incomplete, and only blocked GET and POST HTTP verbs. A remote attacker\ncould use this flaw to gain access to sensitive information. This release\ncontains a Web Console with an updated configuration that now blocks all\nunauthenticated access to it by default. (CVE-2010-1428)\n\nThe RHSA-2008:0826 update fixed an issue (CVE-2008-3273) where\nunauthenticated users were able to access the status servlet; however, a\nbug fix included in the RHSA-2009:0347 update re-introduced the issue. A\nremote attacker could use this flaw to acquire details about deployed web\ncontexts. (CVE-2010-1429)\n\nWarning: Before applying this update, please backup the JBEAP\n\"server/[configuration]/deploy/\" directory, and any other customized\nconfiguration files.\n\nAll users of JBEAP 4.3 on Red Hat Enterprise Linux 4 are advised to upgrade\nto these updated packages.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0377",
"url": "https://access.redhat.com/errata/RHSA-2010:0377"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp08/html-single/Release_Notes/index.html",
"url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp08/html-single/Release_Notes/index.html"
},
{
"category": "external",
"summary": "571828",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=571828"
},
{
"category": "external",
"summary": "574105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"category": "external",
"summary": "585899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585899"
},
{
"category": "external",
"summary": "585900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0377.json"
}
],
"title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0.CP08 update",
"tracking": {
"current_release_date": "2025-11-21T17:36:07+00:00",
"generator": {
"date": "2025-11-21T17:36:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2010:0377",
"initial_release_date": "2010-04-27T03:39:00+00:00",
"revision_history": [
{
"date": "2010-04-27T03:39:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-04-26T23:39:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:36:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"product": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"product_id": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP09.1jpp.ep1.1.el4?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"product": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"product_id": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossws@2.0.1-5.SP2_CP08.1.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"product": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"product_id": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-aop@1.5.5-3.CP05.2.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"product": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"product_id": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP13.0jpp.ep1.1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"product": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"product_id": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-3.SP2.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"product": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"product_id": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP14.1.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"product": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"product_id": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-messaging@1.4.0-3.SP3_CP10.2.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"product": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"product_id": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP10.0jpp.ep1.1.el4?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"product": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"product_id": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.12.GA_CP03.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"product": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"product_id": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.0.1-1.patch01.1jpp.ep1.4.el4?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"product": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"product_id": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hsqldb@1.8.0.8-3.patch03.1jpp.ep1.3.el4?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"product": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"product_id": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam@1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"product": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"product_id": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam2@2.0.2.FP-1.ep1.23.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"product": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"product_id": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs@4.3.0-7.GA_CP08.ep1.6.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"product": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"product_id": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas@4.3.0-7.GA_CP08.5.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"product": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"product_id": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.10.el4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"product": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"product_id": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP09.1jpp.ep1.1.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"product": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"product_id": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossws@2.0.1-5.SP2_CP08.1.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"product": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"product_id": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-aop@1.5.5-3.CP05.2.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"product": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"product_id": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP13.0jpp.ep1.1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"product": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"product_id": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-3.SP2.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"product": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"product_id": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP14.1.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"product": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"product_id": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-messaging@1.4.0-3.SP3_CP10.2.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product_id": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-javadoc@3.2.4-1.SP1_CP10.0jpp.ep1.1.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product_id": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP10.0jpp.ep1.1.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product_id": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.12.GA_CP03.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product_id": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations-javadoc@3.3.1-1.12.GA_CP03.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"product": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"product_id": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.0.1-1.patch01.1jpp.ep1.4.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"product": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"product_id": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hsqldb@1.8.0.8-3.patch03.1jpp.ep1.3.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"product": {
"name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"product_id": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam-docs@1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"product": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"product_id": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam@1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"product": {
"name": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"product_id": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam2-docs@2.0.2.FP-1.ep1.23.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"product": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"product_id": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam2@2.0.2.FP-1.ep1.23.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"product": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"product_id": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs@4.3.0-7.GA_CP08.ep1.6.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"product": {
"name": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"product_id": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs-examples@4.3.0-7.GA_CP08.ep1.6.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product_id": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas@4.3.0-7.GA_CP08.5.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product": {
"name": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product_id": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-4.3.0.GA_CP08-bin@4.3.0-7.GA_CP08.5.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product": {
"name": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product_id": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-client@4.3.0-7.GA_CP08.5.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"product": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"product_id": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.10.el4?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch"
},
"product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch"
},
"product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch"
},
"product_reference": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src"
},
"product_reference": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch"
},
"product_reference": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src"
},
"product_reference": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch"
},
"product_reference": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src"
},
"product_reference": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch"
},
"product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src"
},
"product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch"
},
"product_reference": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch"
},
"product_reference": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src"
},
"product_reference": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch"
},
"product_reference": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch"
},
"product_reference": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src"
},
"product_reference": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch"
},
"product_reference": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch"
},
"product_reference": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch"
},
"product_reference": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src"
},
"product_reference": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
},
"product_reference": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src"
},
"product_reference": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
},
"product_reference": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch"
},
"product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch"
},
"product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch"
},
"product_reference": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src"
},
"product_reference": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch"
},
"product_reference": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src"
},
"product_reference": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch"
},
"product_reference": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src"
},
"product_reference": "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch"
},
"product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src"
},
"product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch"
},
"product_reference": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch"
},
"product_reference": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src"
},
"product_reference": "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch"
},
"product_reference": "jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch"
},
"product_reference": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src"
},
"product_reference": "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch"
},
"product_reference": "jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch"
},
"product_reference": "jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch"
},
"product_reference": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src"
},
"product_reference": "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
},
"product_reference": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src"
},
"product_reference": "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
},
"product_reference": "rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Stefano Di Paola",
"Giorgio Fedon"
],
"organization": "Minded Security"
}
],
"cve": "CVE-2010-0738",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2010-03-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "574105"
}
],
"notes": [
{
"category": "description",
"text": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application\u0027s GET handler by using a different method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBoss EAP jmx authentication bypass with crafted HTTP request",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0738"
},
{
"category": "external",
"summary": "RHBZ#574105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0738",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0738"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738"
},
{
"category": "external",
"summary": "https://access.redhat.com/kb/docs/DOC-30741",
"url": "https://access.redhat.com/kb/docs/DOC-30741"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:39:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "JBoss EAP jmx authentication bypass with crafted HTTP request"
},
{
"cve": "CVE-2010-1428",
"discovery_date": "2010-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "585899"
}
],
"notes": [
{
"category": "description",
"text": "The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBoss Application Server Web Console Authentication bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1428"
},
{
"category": "external",
"summary": "RHBZ#585899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585899"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1428",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1428"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:39:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Low"
}
],
"title": "JBoss Application Server Web Console Authentication bypass"
},
{
"cve": "CVE-2010-1429",
"discovery_date": "2010-02-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "585900"
}
],
"notes": [
{
"category": "description",
"text": "Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBossEAP status servlet info leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1429"
},
{
"category": "external",
"summary": "RHBZ#585900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1429",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1429"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:39:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0377"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4AS-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP-4.3.0:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP-4.3.0:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jboss-seam2-0:2.0.2.FP-1.ep1.23.el4.src",
"4ES-JBEAP-4.3.0:jboss-seam2-docs-0:2.0.2.FP-1.ep1.23.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4.src",
"4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP08-bin-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-7.GA_CP08.5.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch",
"4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4.src",
"4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-7.GA_CP08.ep1.6.el4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "JBossEAP status servlet info leak"
}
]
}
RHSA-2010:0378
Vulnerability from csaf_redhat - Published: 2010-04-27 03:55 - Updated: 2025-11-21 17:36Summary
Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0.CP09 update
Notes
Topic
Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix
three security issues and multiple bugs are now available for Red Hat
Enterprise Linux 5 as JBEAP 4.2.0.CP09.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
JBoss Enterprise Application Platform is the market leading platform for
innovative and scalable Java applications; integrating the JBoss
Application Server, with JBoss Hibernate and JBoss Seam into a complete,
simple enterprise solution.
This release of JBEAP for Red Hat Enterprise Linux 5 serves as a
replacement to JBEAP 4.2.0.CP08.
These updated packages include multiple bug fixes which are detailed in the
Release Notes. The Release Notes will be available shortly from the link
in the References section.
The following security issues are also fixed with this release:
The JMX Console configuration only specified an authentication requirement
for requests that used the GET and POST HTTP "verbs". A remote attacker
could create an HTTP request that does not specify GET or POST, causing it
to be executed by the default GET handler without authentication. This
release contains a JMX Console with an updated configuration that no longer
specifies the HTTP verbs. This means that the authentication requirement is
applied to all requests. (CVE-2010-0738)
For the CVE-2010-0738 issue, if an immediate upgrade is not possible or the
server deployment has been customized, a manual fix can be applied. Refer
to the "Security" subsection of the "Issues fixed in this release" section
(JBPAPP-3952) of the JBEAP Release Notes, linked to in the References, for
details. Contact Red Hat JBoss Support for advice before making the changes
noted in the Release Notes.
Red Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded
Security for responsibly reporting the CVE-2010-0738 issue.
Unauthenticated access to the JBoss Application Server Web Console
(/web-console) is blocked by default. However, it was found that this block
was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker
could use this flaw to gain access to sensitive information. This release
contains a Web Console with an updated configuration that now blocks all
unauthenticated access to it by default. (CVE-2010-1428)
The RHSA-2008:0827 update fixed an issue (CVE-2008-3273) where
unauthenticated users were able to access the status servlet; however, a
bug fix included in the RHSA-2009:0348 update re-introduced the issue. A
remote attacker could use this flaw to acquire details about deployed web
contexts. (CVE-2010-1429)
Warning: Before applying this update, please backup the JBEAP
"server/[configuration]/deploy/" directory, and any other customized
configuration files.
All users of JBEAP 4.2 on Red Hat Enterprise Linux 5 are advised to upgrade
to these updated packages.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix\nthree security issues and multiple bugs are now available for Red Hat\nEnterprise Linux 5 as JBEAP 4.2.0.CP09.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "JBoss Enterprise Application Platform is the market leading platform for\ninnovative and scalable Java applications; integrating the JBoss\nApplication Server, with JBoss Hibernate and JBoss Seam into a complete,\nsimple enterprise solution.\n\nThis release of JBEAP for Red Hat Enterprise Linux 5 serves as a\nreplacement to JBEAP 4.2.0.CP08.\n\nThese updated packages include multiple bug fixes which are detailed in the\nRelease Notes. The Release Notes will be available shortly from the link\nin the References section.\n\nThe following security issues are also fixed with this release:\n\nThe JMX Console configuration only specified an authentication requirement\nfor requests that used the GET and POST HTTP \"verbs\". A remote attacker\ncould create an HTTP request that does not specify GET or POST, causing it\nto be executed by the default GET handler without authentication. This\nrelease contains a JMX Console with an updated configuration that no longer\nspecifies the HTTP verbs. This means that the authentication requirement is\napplied to all requests. (CVE-2010-0738)\n\nFor the CVE-2010-0738 issue, if an immediate upgrade is not possible or the\nserver deployment has been customized, a manual fix can be applied. Refer\nto the \"Security\" subsection of the \"Issues fixed in this release\" section\n(JBPAPP-3952) of the JBEAP Release Notes, linked to in the References, for\ndetails. Contact Red Hat JBoss Support for advice before making the changes\nnoted in the Release Notes.\n\nRed Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded\nSecurity for responsibly reporting the CVE-2010-0738 issue.\n\nUnauthenticated access to the JBoss Application Server Web Console\n(/web-console) is blocked by default. However, it was found that this block\nwas incomplete, and only blocked GET and POST HTTP verbs. A remote attacker\ncould use this flaw to gain access to sensitive information. This release\ncontains a Web Console with an updated configuration that now blocks all\nunauthenticated access to it by default. (CVE-2010-1428)\n\nThe RHSA-2008:0827 update fixed an issue (CVE-2008-3273) where\nunauthenticated users were able to access the status servlet; however, a\nbug fix included in the RHSA-2009:0348 update re-introduced the issue. A\nremote attacker could use this flaw to acquire details about deployed web\ncontexts. (CVE-2010-1429)\n\nWarning: Before applying this update, please backup the JBEAP\n\"server/[configuration]/deploy/\" directory, and any other customized\nconfiguration files.\n\nAll users of JBEAP 4.2 on Red Hat Enterprise Linux 5 are advised to upgrade\nto these updated packages.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0378",
"url": "https://access.redhat.com/errata/RHSA-2010:0378"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp09/html-single/Release_Notes/index.html",
"url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp09/html-single/Release_Notes/index.html"
},
{
"category": "external",
"summary": "571835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=571835"
},
{
"category": "external",
"summary": "574105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"category": "external",
"summary": "585899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585899"
},
{
"category": "external",
"summary": "585900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0378.json"
}
],
"title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0.CP09 update",
"tracking": {
"current_release_date": "2025-11-21T17:36:07+00:00",
"generator": {
"date": "2025-11-21T17:36:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2010:0378",
"initial_release_date": "2010-04-27T03:55:00+00:00",
"revision_history": [
{
"date": "2010-04-27T03:55:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-04-26T23:55:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:36:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"product": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"product_id": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-aop@1.5.5-3.CP05.2.ep1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"product": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"product_id": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP10.0jpp.ep1.1.el5?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"product": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"product_id": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.12.GA_CP03.ep1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"product": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"product_id": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP13.0jpp.ep1.1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"product": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"product_id": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-3.SP2.ep1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"product": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"product_id": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"product": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"product_id": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP14.1.ep1.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"product": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"product_id": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas@4.2.0-6.GA_CP09.6.ep1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"product": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"product_id": "jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam@1.2.1-1.ep1.24.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"product": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"product_id": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs@4.2.0-7.GA_CP09.ep1.4.1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"product": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"product_id": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.10.1.el5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"product": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"product_id": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-aop@1.5.5-3.CP05.2.ep1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product_id": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-javadoc@3.2.4-1.SP1_CP10.0jpp.ep1.1.el5?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product_id": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP10.0jpp.ep1.1.el5?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product_id": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.12.GA_CP03.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product_id": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations-javadoc@3.3.1-1.12.GA_CP03.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"product": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"product_id": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP13.0jpp.ep1.1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"product": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"product_id": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-3.SP2.ep1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"product": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"product_id": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"product": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"product_id": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP14.1.ep1.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product_id": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas@4.2.0-6.GA_CP09.6.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product": {
"name": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product_id": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-4.2.0.GA_CP09-bin@4.2.0-6.GA_CP09.6.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product": {
"name": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product_id": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-client@4.2.0-6.GA_CP09.6.ep1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"product": {
"name": "jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"product_id": "jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam-docs@1.2.1-1.ep1.24.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"product": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"product_id": "jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam@1.2.1-1.ep1.24.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"product": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"product_id": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs@4.2.0-7.GA_CP09.ep1.4.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"product": {
"name": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"product_id": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs-examples@4.2.0-7.GA_CP09.ep1.4.1.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"product": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"product_id": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.10.1.el5?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch"
},
"product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch"
},
"product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch"
},
"product_reference": "jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src"
},
"product_reference": "jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch"
},
"product_reference": "jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch"
},
"product_reference": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src"
},
"product_reference": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch"
},
"product_reference": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch"
},
"product_reference": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
},
"product_reference": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src"
},
"product_reference": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
},
"product_reference": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Stefano Di Paola",
"Giorgio Fedon"
],
"organization": "Minded Security"
}
],
"cve": "CVE-2010-0738",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2010-03-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "574105"
}
],
"notes": [
{
"category": "description",
"text": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application\u0027s GET handler by using a different method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBoss EAP jmx authentication bypass with crafted HTTP request",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0738"
},
{
"category": "external",
"summary": "RHBZ#574105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0738",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0738"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738"
},
{
"category": "external",
"summary": "https://access.redhat.com/kb/docs/DOC-30741",
"url": "https://access.redhat.com/kb/docs/DOC-30741"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:55:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0378"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "JBoss EAP jmx authentication bypass with crafted HTTP request"
},
{
"cve": "CVE-2010-1428",
"discovery_date": "2010-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "585899"
}
],
"notes": [
{
"category": "description",
"text": "The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBoss Application Server Web Console Authentication bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1428"
},
{
"category": "external",
"summary": "RHBZ#585899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585899"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1428",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1428"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:55:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0378"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Low"
}
],
"title": "JBoss Application Server Web Console Authentication bypass"
},
{
"cve": "CVE-2010-1429",
"discovery_date": "2010-02-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "585900"
}
],
"notes": [
{
"category": "description",
"text": "Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBossEAP status servlet info leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1429"
},
{
"category": "external",
"summary": "RHBZ#585900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1429",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1429"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:55:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0378"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5.src",
"5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.noarch",
"5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.10.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.24.el5.src",
"5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.24.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5.src",
"5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch",
"5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5.src",
"5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.4.1.el5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "JBossEAP status servlet info leak"
}
]
}
RHSA-2010_0376
Vulnerability from csaf_redhat - Published: 2010-04-27 03:19 - Updated: 2024-11-22 03:19Summary
Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0.CP09 update
Notes
Topic
Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix
three security issues and multiple bugs are now available for Red Hat
Enterprise Linux 4 as JBEAP 4.2.0.CP09.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
JBoss Enterprise Application Platform is the market leading platform for
innovative and scalable Java applications; integrating the JBoss
Application Server, with JBoss Hibernate and JBoss Seam into a complete,
simple enterprise solution.
This release of JBEAP for Red Hat Enterprise Linux 4 serves as a
replacement to JBEAP 4.2.0.CP08.
These updated packages include multiple bug fixes which are detailed in the
Release Notes. The Release Notes will be available shortly from the link
in the References section.
The following security issues are also fixed with this release:
The JMX Console configuration only specified an authentication requirement
for requests that used the GET and POST HTTP "verbs". A remote attacker
could create an HTTP request that does not specify GET or POST, causing it
to be executed by the default GET handler without authentication. This
release contains a JMX Console with an updated configuration that no longer
specifies the HTTP verbs. This means that the authentication requirement is
applied to all requests. (CVE-2010-0738)
For the CVE-2010-0738 issue, if an immediate upgrade is not possible or the
server deployment has been customized, a manual fix can be applied. Refer
to the "Security" subsection of the "Issues fixed in this release" section
(JBPAPP-3952) of the JBEAP Release Notes, linked to in the References, for
details. Contact Red Hat JBoss Support for advice before making the changes
noted in the Release Notes.
Red Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded
Security for responsibly reporting the CVE-2010-0738 issue.
Unauthenticated access to the JBoss Application Server Web Console
(/web-console) is blocked by default. However, it was found that this block
was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker
could use this flaw to gain access to sensitive information. This release
contains a Web Console with an updated configuration that now blocks all
unauthenticated access to it by default. (CVE-2010-1428)
The RHSA-2008:0825 update fixed an issue (CVE-2008-3273) where
unauthenticated users were able to access the status servlet; however, a
bug fix included in the RHSA-2009:0346 update re-introduced the issue. A
remote attacker could use this flaw to acquire details about deployed web
contexts. (CVE-2010-1429)
Warning: Before applying this update, please backup the JBEAP
"server/[configuration]/deploy/" directory, and any other customized
configuration files.
All users of JBEAP 4.2 on Red Hat Enterprise Linux 4 are advised to upgrade
to these updated packages.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix\nthree security issues and multiple bugs are now available for Red Hat\nEnterprise Linux 4 as JBEAP 4.2.0.CP09.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "JBoss Enterprise Application Platform is the market leading platform for\ninnovative and scalable Java applications; integrating the JBoss\nApplication Server, with JBoss Hibernate and JBoss Seam into a complete,\nsimple enterprise solution.\n\nThis release of JBEAP for Red Hat Enterprise Linux 4 serves as a\nreplacement to JBEAP 4.2.0.CP08.\n\nThese updated packages include multiple bug fixes which are detailed in the\nRelease Notes. The Release Notes will be available shortly from the link\nin the References section.\n\nThe following security issues are also fixed with this release:\n\nThe JMX Console configuration only specified an authentication requirement\nfor requests that used the GET and POST HTTP \"verbs\". A remote attacker\ncould create an HTTP request that does not specify GET or POST, causing it\nto be executed by the default GET handler without authentication. This\nrelease contains a JMX Console with an updated configuration that no longer\nspecifies the HTTP verbs. This means that the authentication requirement is\napplied to all requests. (CVE-2010-0738)\n\nFor the CVE-2010-0738 issue, if an immediate upgrade is not possible or the\nserver deployment has been customized, a manual fix can be applied. Refer\nto the \"Security\" subsection of the \"Issues fixed in this release\" section\n(JBPAPP-3952) of the JBEAP Release Notes, linked to in the References, for\ndetails. Contact Red Hat JBoss Support for advice before making the changes\nnoted in the Release Notes.\n\nRed Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded\nSecurity for responsibly reporting the CVE-2010-0738 issue.\n\nUnauthenticated access to the JBoss Application Server Web Console\n(/web-console) is blocked by default. However, it was found that this block\nwas incomplete, and only blocked GET and POST HTTP verbs. A remote attacker\ncould use this flaw to gain access to sensitive information. This release\ncontains a Web Console with an updated configuration that now blocks all\nunauthenticated access to it by default. (CVE-2010-1428)\n\nThe RHSA-2008:0825 update fixed an issue (CVE-2008-3273) where\nunauthenticated users were able to access the status servlet; however, a\nbug fix included in the RHSA-2009:0346 update re-introduced the issue. A\nremote attacker could use this flaw to acquire details about deployed web\ncontexts. (CVE-2010-1429)\n\nWarning: Before applying this update, please backup the JBEAP\n\"server/[configuration]/deploy/\" directory, and any other customized\nconfiguration files.\n\nAll users of JBEAP 4.2 on Red Hat Enterprise Linux 4 are advised to upgrade\nto these updated packages.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0376",
"url": "https://access.redhat.com/errata/RHSA-2010:0376"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp09/html-single/Release_Notes/index.html",
"url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp09/html-single/Release_Notes/index.html"
},
{
"category": "external",
"summary": "571813",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=571813"
},
{
"category": "external",
"summary": "574105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"category": "external",
"summary": "585899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585899"
},
{
"category": "external",
"summary": "585900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0376.json"
}
],
"title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0.CP09 update",
"tracking": {
"current_release_date": "2024-11-22T03:19:57+00:00",
"generator": {
"date": "2024-11-22T03:19:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2010:0376",
"initial_release_date": "2010-04-27T03:19:00+00:00",
"revision_history": [
{
"date": "2010-04-27T03:19:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-04-26T23:19:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T03:19:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"product": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"product_id": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP09.1jpp.ep1.1.el4?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"product": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"product_id": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-aop@1.5.5-3.CP05.2.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"product": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"product_id": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP13.0jpp.ep1.1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"product": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"product_id": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-3.SP2.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"product": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"product_id": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP14.1.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"product": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"product_id": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP10.0jpp.ep1.1.el4?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"product": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"product_id": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.12.GA_CP03.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"product": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"product_id": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.0.1-1.patch01.1jpp.ep1.4.el4?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"product": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"product_id": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hsqldb@1.8.0.8-3.patch03.1jpp.ep1.3.el4?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"product": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"product_id": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas@4.2.0-6.GA_CP09.6.ep1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"product": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"product_id": "jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam@1.2.1-1.ep1.24.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"product": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"product_id": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs@4.2.0-7.GA_CP09.ep1.5.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"product": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"product_id": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.10.el4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"product": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"product_id": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP09.1jpp.ep1.1.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"product": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"product_id": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-aop@1.5.5-3.CP05.2.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"product": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"product_id": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP13.0jpp.ep1.1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"product": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"product_id": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-3.SP2.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"product": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"product_id": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP14.1.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product_id": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-javadoc@3.2.4-1.SP1_CP10.0jpp.ep1.1.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product_id": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP10.0jpp.ep1.1.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product_id": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.12.GA_CP03.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product_id": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate3-annotations-javadoc@3.3.1-1.12.GA_CP03.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"product": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"product_id": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.0.1-1.patch01.1jpp.ep1.4.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"product": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"product_id": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hsqldb@1.8.0.8-3.patch03.1jpp.ep1.3.el4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product_id": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas@4.2.0-6.GA_CP09.6.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product": {
"name": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product_id": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-4.2.0.GA_CP09-bin@4.2.0-6.GA_CP09.6.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product": {
"name": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product_id": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-client@4.2.0-6.GA_CP09.6.ep1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"product": {
"name": "jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"product_id": "jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam-docs@1.2.1-1.ep1.24.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"product": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"product_id": "jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-seam@1.2.1-1.ep1.24.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"product": {
"name": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"product_id": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs-examples@4.2.0-7.GA_CP09.ep1.5.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"product": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"product_id": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-eap-docs@4.2.0-7.GA_CP09.ep1.5.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"product": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"product_id": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.10.el4?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch"
},
"product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch"
},
"product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch"
},
"product_reference": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src"
},
"product_reference": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch"
},
"product_reference": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src"
},
"product_reference": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch"
},
"product_reference": "jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src"
},
"product_reference": "jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch"
},
"product_reference": "jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch"
},
"product_reference": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src"
},
"product_reference": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch"
},
"product_reference": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch"
},
"product_reference": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
},
"product_reference": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src"
},
"product_reference": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
},
"product_reference": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src"
},
"product_reference": "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src"
},
"product_reference": "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch"
},
"product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch"
},
"product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch"
},
"product_reference": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src"
},
"product_reference": "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src"
},
"product_reference": "jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch"
},
"product_reference": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src"
},
"product_reference": "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src"
},
"product_reference": "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src"
},
"product_reference": "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src"
},
"product_reference": "jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch"
},
"product_reference": "jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-0:1.2.1-1.ep1.24.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src"
},
"product_reference": "jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch"
},
"product_reference": "jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch"
},
"product_reference": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src"
},
"product_reference": "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch"
},
"product_reference": "jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch"
},
"product_reference": "jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src"
},
"product_reference": "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src"
},
"product_reference": "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
},
"product_reference": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src"
},
"product_reference": "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
},
"product_reference": "rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Stefano Di Paola",
"Giorgio Fedon"
],
"organization": "Minded Security"
}
],
"cve": "CVE-2010-0738",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2010-03-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "574105"
}
],
"notes": [
{
"category": "description",
"text": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application\u0027s GET handler by using a different method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBoss EAP jmx authentication bypass with crafted HTTP request",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0738"
},
{
"category": "external",
"summary": "RHBZ#574105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0738",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0738"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0738"
},
{
"category": "external",
"summary": "https://access.redhat.com/kb/docs/DOC-30741",
"url": "https://access.redhat.com/kb/docs/DOC-30741"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:19:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0376"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "JBoss EAP jmx authentication bypass with crafted HTTP request"
},
{
"cve": "CVE-2010-1428",
"discovery_date": "2010-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "585899"
}
],
"notes": [
{
"category": "description",
"text": "The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBoss Application Server Web Console Authentication bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1428"
},
{
"category": "external",
"summary": "RHBZ#585899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585899"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1428",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1428"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1428"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:19:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0376"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-05-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Low"
}
],
"title": "JBoss Application Server Web Console Authentication bypass"
},
{
"cve": "CVE-2010-1429",
"discovery_date": "2010-02-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "585900"
}
],
"notes": [
{
"category": "description",
"text": "Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBossEAP status servlet info leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-1429"
},
{
"category": "external",
"summary": "RHBZ#585900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-1429",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1429"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429"
}
],
"release_date": "2010-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-04-27T03:19:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0376"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4AS-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4AS-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4AS-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4AS-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4AS-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4AS-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4AS-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.src",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4.src",
"4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.12.GA_CP03.ep1.el4.noarch",
"4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.noarch",
"4ES-JBEAP:hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4.src",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.noarch",
"4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.10.el4.src",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.noarch",
"4ES-JBEAP:jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4.src",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.noarch",
"4ES-JBEAP:jboss-aop-0:1.5.5-3.CP05.2.ep1.el4.src",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.noarch",
"4ES-JBEAP:jboss-cache-0:1.4.1-6.SP14.1.ep1.el4.src",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.noarch",
"4ES-JBEAP:jboss-remoting-0:2.2.3-3.SP2.ep1.el4.src",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.24.el4.src",
"4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.24.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4.src",
"4ES-JBEAP:jbossas-4.2.0.GA_CP09-bin-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossas-client-0:4.2.0-6.GA_CP09.6.ep1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4.src",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch",
"4ES-JBEAP:rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4.src",
"4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-7.GA_CP09.ep1.5.el4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "JBossEAP status servlet info leak"
}
]
}
CERTA-2013-AVI-440
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans HP Network Node Manager I. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "HP Network Node Manager I version 9.1 ant\u00e9rieures au correctif HF-NNMi-9.1xP5-JBoss-20130417",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "HP Network Node Manager I version 9.0 ant\u00e9rieures au correctif HF-NNMi-9.0xP5-JBoss-20130417",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-2196",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2196"
},
{
"name": "CVE-2011-4605",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4605"
},
{
"name": "CVE-2010-1429",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1429"
},
{
"name": "CVE-2011-4858",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4858"
},
{
"name": "CVE-2010-0738",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0738"
},
{
"name": "CVE-2010-1428",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1428"
},
{
"name": "CVE-2009-3554",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3554"
},
{
"name": "CVE-2012-3546",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3546"
},
{
"name": "CVE-2007-5333",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
},
{
"name": "CVE-2011-1483",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1483"
}
],
"links": [],
"reference": "CERTA-2013-AVI-440",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-07-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eHP Network Node Manager I\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans HP Network Node Manager I",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 HP du 24 juillet 2013",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03824583"
}
]
}
CERTFR-2014-AVI-232
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | Juniper NSM versions antérieures à 2012.2R8 | ||
| Juniper Networks | Junos Space | Juniper Junos Space versions antérieures à 13.3R1.8 | ||
| Juniper Networks | N/A | Juniper ScreenOS 6.3 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper NSM versions ant\u00e9rieures \u00e0 2012.2R8",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Juniper Junos Space versions ant\u00e9rieures \u00e0 13.3R1.8",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper ScreenOS 6.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-3411",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3411"
},
{
"name": "CVE-2010-1429",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1429"
},
{
"name": "CVE-2013-1557",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1557"
},
{
"name": "CVE-2013-2389",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2389"
},
{
"name": "CVE-2013-3805",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3805"
},
{
"name": "CVE-2013-3801",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3801"
},
{
"name": "CVE-2010-0738",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0738"
},
{
"name": "CVE-2010-1428",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1428"
},
{
"name": "CVE-2013-1502",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1502"
},
{
"name": "CVE-2013-1544",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1544"
},
{
"name": "CVE-2013-2392",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2392"
},
{
"name": "CVE-2013-3804",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3804"
},
{
"name": "CVE-2014-2842",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2842"
},
{
"name": "CVE-2013-3809",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3809"
},
{
"name": "CVE-2014-3412",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3412"
},
{
"name": "CVE-2013-3808",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3808"
},
{
"name": "CVE-2013-3783",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3783"
},
{
"name": "CVE-2012-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3143"
},
{
"name": "CVE-2013-2422",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2422"
},
{
"name": "CVE-2013-2376",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2376"
},
{
"name": "CVE-2013-3794",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3794"
},
{
"name": "CVE-2013-1511",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1511"
},
{
"name": "CVE-2013-1862",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1862"
},
{
"name": "CVE-2014-3413",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3413"
},
{
"name": "CVE-2013-3802",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3802"
},
{
"name": "CVE-2013-3839",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3839"
},
{
"name": "CVE-2013-3812",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3812"
},
{
"name": "CVE-2013-2375",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2375"
},
{
"name": "CVE-2013-1896",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1896"
},
{
"name": "CVE-2013-1532",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1532"
},
{
"name": "CVE-2013-2391",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2391"
},
{
"name": "CVE-2013-3793",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3793"
},
{
"name": "CVE-2013-1537",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1537"
}
],
"links": [],
"reference": "CERTFR-2014-AVI-232",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-05-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10625 du 01 mai 2014",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10625"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10627 du 01 mai 2014",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10627"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10624 du 01 mai 2014",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10624"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10626 du 01 mai 2014",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10626"
}
]
}
CERTFR-2016-AVI-300
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Juniper Junos Space versions antérieures à 15.1R1
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eJuniper Junos Space versions ant\u00e9rieures \u00e0 15.1R1\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-0460",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0460"
},
{
"name": "CVE-2010-1429",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1429"
},
{
"name": "CVE-2013-1557",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1557"
},
{
"name": "CVE-2011-4619",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4619"
},
{
"name": "CVE-2013-2389",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2389"
},
{
"name": "CVE-2012-2110",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
},
{
"name": "CVE-2013-3805",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3805"
},
{
"name": "CVE-2013-3801",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3801"
},
{
"name": "CVE-2015-0975",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0975"
},
{
"name": "CVE-2011-4576",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4576"
},
{
"name": "CVE-2010-0738",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0738"
},
{
"name": "CVE-2014-6491",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6491"
},
{
"name": "CVE-2010-1428",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1428"
},
{
"name": "CVE-2013-1502",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1502"
},
{
"name": "CVE-2013-1544",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1544"
},
{
"name": "CVE-2013-2392",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2392"
},
{
"name": "CVE-2014-0429",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0429"
},
{
"name": "CVE-2013-0166",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0166"
},
{
"name": "CVE-2014-0456",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0456"
},
{
"name": "CVE-2013-3804",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3804"
},
{
"name": "CVE-2012-0884",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0884"
},
{
"name": "CVE-2015-2620",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2620"
},
{
"name": "CVE-2014-0098",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0098"
},
{
"name": "CVE-2013-3809",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3809"
},
{
"name": "CVE-2014-0453",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0453"
},
{
"name": "CVE-2013-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0169"
},
{
"name": "CVE-2014-1568",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1568"
},
{
"name": "CVE-2014-0423",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0423"
},
{
"name": "CVE-2013-3808",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3808"
},
{
"name": "CVE-2013-3783",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3783"
},
{
"name": "CVE-2014-0224",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0224"
},
{
"name": "CVE-2014-4263",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4263"
},
{
"name": "CVE-2014-6500",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6500"
},
{
"name": "CVE-2014-6495",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6495"
},
{
"name": "CVE-2012-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3143"
},
{
"name": "CVE-2013-2422",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2422"
},
{
"name": "CVE-2014-6494",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6494"
},
{
"name": "CVE-2013-2376",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2376"
},
{
"name": "CVE-2013-2249",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2249"
},
{
"name": "CVE-2015-3209",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3209"
},
{
"name": "CVE-2013-3794",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3794"
},
{
"name": "CVE-2011-4109",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4109"
},
{
"name": "CVE-2012-0818",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0818"
},
{
"name": "CVE-2013-1511",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1511"
},
{
"name": "CVE-2013-1862",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1862"
},
{
"name": "CVE-2014-6478",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6478"
},
{
"name": "CVE-2014-6559",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6559"
},
{
"name": "CVE-2014-3413",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3413"
},
{
"name": "CVE-2014-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4244"
},
{
"name": "CVE-2013-3802",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3802"
},
{
"name": "CVE-2013-3839",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3839"
},
{
"name": "CVE-2013-3812",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3812"
},
{
"name": "CVE-2013-2375",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2375"
},
{
"name": "CVE-2015-7753",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7753"
},
{
"name": "CVE-2014-6496",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6496"
},
{
"name": "CVE-2013-6438",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6438"
},
{
"name": "CVE-2013-1896",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1896"
},
{
"name": "CVE-2013-1532",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1532"
},
{
"name": "CVE-2013-2391",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2391"
},
{
"name": "CVE-2014-4264",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4264"
},
{
"name": "CVE-2013-3793",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3793"
},
{
"name": "CVE-2011-5245",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-5245"
},
{
"name": "CVE-2013-1537",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1537"
},
{
"name": "CVE-2015-0501",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0501"
},
{
"name": "CVE-2012-2333",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2333"
},
{
"name": "CVE-2013-5908",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5908"
}
],
"links": [],
"reference": "CERTFR-2016-AVI-300",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-09-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Juniper\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10698 du 07 septembre 2016",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10659 du 07 septembre 2016",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10659\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10627 du 07 septembre 2016",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10627\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTA-2013-AVI-440
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans HP Network Node Manager I. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "HP Network Node Manager I version 9.1 ant\u00e9rieures au correctif HF-NNMi-9.1xP5-JBoss-20130417",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "HP Network Node Manager I version 9.0 ant\u00e9rieures au correctif HF-NNMi-9.0xP5-JBoss-20130417",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-2196",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2196"
},
{
"name": "CVE-2011-4605",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4605"
},
{
"name": "CVE-2010-1429",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1429"
},
{
"name": "CVE-2011-4858",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4858"
},
{
"name": "CVE-2010-0738",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0738"
},
{
"name": "CVE-2010-1428",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1428"
},
{
"name": "CVE-2009-3554",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3554"
},
{
"name": "CVE-2012-3546",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3546"
},
{
"name": "CVE-2007-5333",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
},
{
"name": "CVE-2011-1483",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1483"
}
],
"links": [],
"reference": "CERTA-2013-AVI-440",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-07-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eHP Network Node Manager I\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans HP Network Node Manager I",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 HP du 24 juillet 2013",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03824583"
}
]
}
CERTFR-2016-AVI-300
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Juniper Junos Space versions antérieures à 15.1R1
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eJuniper Junos Space versions ant\u00e9rieures \u00e0 15.1R1\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-0460",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0460"
},
{
"name": "CVE-2010-1429",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1429"
},
{
"name": "CVE-2013-1557",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1557"
},
{
"name": "CVE-2011-4619",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4619"
},
{
"name": "CVE-2013-2389",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2389"
},
{
"name": "CVE-2012-2110",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
},
{
"name": "CVE-2013-3805",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3805"
},
{
"name": "CVE-2013-3801",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3801"
},
{
"name": "CVE-2015-0975",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0975"
},
{
"name": "CVE-2011-4576",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4576"
},
{
"name": "CVE-2010-0738",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0738"
},
{
"name": "CVE-2014-6491",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6491"
},
{
"name": "CVE-2010-1428",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1428"
},
{
"name": "CVE-2013-1502",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1502"
},
{
"name": "CVE-2013-1544",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1544"
},
{
"name": "CVE-2013-2392",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2392"
},
{
"name": "CVE-2014-0429",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0429"
},
{
"name": "CVE-2013-0166",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0166"
},
{
"name": "CVE-2014-0456",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0456"
},
{
"name": "CVE-2013-3804",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3804"
},
{
"name": "CVE-2012-0884",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0884"
},
{
"name": "CVE-2015-2620",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2620"
},
{
"name": "CVE-2014-0098",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0098"
},
{
"name": "CVE-2013-3809",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3809"
},
{
"name": "CVE-2014-0453",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0453"
},
{
"name": "CVE-2013-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0169"
},
{
"name": "CVE-2014-1568",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1568"
},
{
"name": "CVE-2014-0423",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0423"
},
{
"name": "CVE-2013-3808",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3808"
},
{
"name": "CVE-2013-3783",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3783"
},
{
"name": "CVE-2014-0224",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0224"
},
{
"name": "CVE-2014-4263",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4263"
},
{
"name": "CVE-2014-6500",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6500"
},
{
"name": "CVE-2014-6495",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6495"
},
{
"name": "CVE-2012-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3143"
},
{
"name": "CVE-2013-2422",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2422"
},
{
"name": "CVE-2014-6494",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6494"
},
{
"name": "CVE-2013-2376",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2376"
},
{
"name": "CVE-2013-2249",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2249"
},
{
"name": "CVE-2015-3209",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3209"
},
{
"name": "CVE-2013-3794",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3794"
},
{
"name": "CVE-2011-4109",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4109"
},
{
"name": "CVE-2012-0818",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0818"
},
{
"name": "CVE-2013-1511",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1511"
},
{
"name": "CVE-2013-1862",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1862"
},
{
"name": "CVE-2014-6478",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6478"
},
{
"name": "CVE-2014-6559",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6559"
},
{
"name": "CVE-2014-3413",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3413"
},
{
"name": "CVE-2014-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4244"
},
{
"name": "CVE-2013-3802",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3802"
},
{
"name": "CVE-2013-3839",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3839"
},
{
"name": "CVE-2013-3812",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3812"
},
{
"name": "CVE-2013-2375",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2375"
},
{
"name": "CVE-2015-7753",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7753"
},
{
"name": "CVE-2014-6496",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6496"
},
{
"name": "CVE-2013-6438",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6438"
},
{
"name": "CVE-2013-1896",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1896"
},
{
"name": "CVE-2013-1532",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1532"
},
{
"name": "CVE-2013-2391",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2391"
},
{
"name": "CVE-2014-4264",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4264"
},
{
"name": "CVE-2013-3793",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3793"
},
{
"name": "CVE-2011-5245",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-5245"
},
{
"name": "CVE-2013-1537",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1537"
},
{
"name": "CVE-2015-0501",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0501"
},
{
"name": "CVE-2012-2333",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2333"
},
{
"name": "CVE-2013-5908",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5908"
}
],
"links": [],
"reference": "CERTFR-2016-AVI-300",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-09-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Juniper\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10698 du 07 septembre 2016",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10659 du 07 septembre 2016",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10659\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10627 du 07 septembre 2016",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10627\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTFR-2014-AVI-232
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | Juniper NSM versions antérieures à 2012.2R8 | ||
| Juniper Networks | Junos Space | Juniper Junos Space versions antérieures à 13.3R1.8 | ||
| Juniper Networks | N/A | Juniper ScreenOS 6.3 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper NSM versions ant\u00e9rieures \u00e0 2012.2R8",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Juniper Junos Space versions ant\u00e9rieures \u00e0 13.3R1.8",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper ScreenOS 6.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-3411",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3411"
},
{
"name": "CVE-2010-1429",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1429"
},
{
"name": "CVE-2013-1557",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1557"
},
{
"name": "CVE-2013-2389",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2389"
},
{
"name": "CVE-2013-3805",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3805"
},
{
"name": "CVE-2013-3801",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3801"
},
{
"name": "CVE-2010-0738",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0738"
},
{
"name": "CVE-2010-1428",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1428"
},
{
"name": "CVE-2013-1502",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1502"
},
{
"name": "CVE-2013-1544",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1544"
},
{
"name": "CVE-2013-2392",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2392"
},
{
"name": "CVE-2013-3804",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3804"
},
{
"name": "CVE-2014-2842",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2842"
},
{
"name": "CVE-2013-3809",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3809"
},
{
"name": "CVE-2014-3412",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3412"
},
{
"name": "CVE-2013-3808",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3808"
},
{
"name": "CVE-2013-3783",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3783"
},
{
"name": "CVE-2012-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3143"
},
{
"name": "CVE-2013-2422",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2422"
},
{
"name": "CVE-2013-2376",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2376"
},
{
"name": "CVE-2013-3794",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3794"
},
{
"name": "CVE-2013-1511",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1511"
},
{
"name": "CVE-2013-1862",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1862"
},
{
"name": "CVE-2014-3413",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3413"
},
{
"name": "CVE-2013-3802",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3802"
},
{
"name": "CVE-2013-3839",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3839"
},
{
"name": "CVE-2013-3812",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3812"
},
{
"name": "CVE-2013-2375",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2375"
},
{
"name": "CVE-2013-1896",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1896"
},
{
"name": "CVE-2013-1532",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1532"
},
{
"name": "CVE-2013-2391",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2391"
},
{
"name": "CVE-2013-3793",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3793"
},
{
"name": "CVE-2013-1537",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1537"
}
],
"links": [],
"reference": "CERTFR-2014-AVI-232",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-05-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10625 du 01 mai 2014",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10625"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10627 du 01 mai 2014",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10627"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10624 du 01 mai 2014",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10624"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10626 du 01 mai 2014",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10626"
}
]
}
GSD-2010-1429
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2010-1429",
"description": "Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.",
"id": "GSD-2010-1429",
"references": [
"https://access.redhat.com/errata/RHSA-2010:0379",
"https://access.redhat.com/errata/RHSA-2010:0378",
"https://access.redhat.com/errata/RHSA-2010:0377",
"https://access.redhat.com/errata/RHSA-2010:0376",
"https://packetstormsecurity.com/files/cve/CVE-2010-1429"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2010-1429"
],
"details": "Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.",
"id": "GSD-2010-1429",
"modified": "2023-12-13T01:21:33.042958Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-1429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2",
"refsource": "MISC",
"url": "http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2"
},
{
"name": "http://secunia.com/advisories/39563",
"refsource": "MISC",
"url": "http://secunia.com/advisories/39563"
},
{
"name": "http://securitytracker.com/id?1023918",
"refsource": "MISC",
"url": "http://securitytracker.com/id?1023918"
},
{
"name": "http://www.securityfocus.com/bid/39710",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/39710"
},
{
"name": "http://www.vupen.com/english/advisories/2010/0992",
"refsource": "MISC",
"url": "http://www.vupen.com/english/advisories/2010/0992"
},
{
"name": "https://rhn.redhat.com/errata/RHSA-2010-0376.html",
"refsource": "MISC",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0376.html"
},
{
"name": "https://rhn.redhat.com/errata/RHSA-2010-0377.html",
"refsource": "MISC",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0377.html"
},
{
"name": "https://rhn.redhat.com/errata/RHSA-2010-0378.html",
"refsource": "MISC",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0378.html"
},
{
"name": "https://rhn.redhat.com/errata/RHSA-2010-0379.html",
"refsource": "MISC",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0379.html"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58149",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58149"
},
{
"name": "https://www.exploit-db.com/exploits/44009/",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/44009/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=585900",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp06:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp01:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp06:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:cp07:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp01:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp05:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp04:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp04:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp03:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp07:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp03:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp02:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:cp08:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp05:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp02:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-1429"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2010:0377",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0377.html"
},
{
"name": "1023918",
"refsource": "SECTRACK",
"tags": [],
"url": "http://securitytracker.com/id?1023918"
},
{
"name": "39563",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39563"
},
{
"name": "ADV-2010-0992",
"refsource": "VUPEN",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0992"
},
{
"name": "39710",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/39710"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=585900",
"refsource": "CONFIRM",
"tags": [],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"name": "RHSA-2010:0379",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0379.html"
},
{
"name": "RHSA-2010:0378",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0378.html"
},
{
"name": "RHSA-2010:0376",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0376.html"
},
{
"name": "HPSBMU02736",
"refsource": "HP",
"tags": [],
"url": "http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2"
},
{
"name": "jboss-status-servlet-information-disclosure(58149)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58149"
},
{
"name": "44009",
"refsource": "EXPLOIT-DB",
"tags": [],
"url": "https://www.exploit-db.com/exploits/44009/"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2023-02-13T04:17Z",
"publishedDate": "2010-04-28T22:30Z"
}
}
}
FKIE_CVE-2010-1429
Vulnerability from fkie_nvd - Published: 2010-04-28 22:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://marc.info/?l=bugtraq&m=132698550418872&w=2 | ||
| secalert@redhat.com | http://secunia.com/advisories/39563 | Vendor Advisory | |
| secalert@redhat.com | http://securitytracker.com/id?1023918 | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/39710 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2010/0992 | Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=585900 | ||
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/58149 | ||
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2010-0376.html | Vendor Advisory | |
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2010-0377.html | Vendor Advisory | |
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2010-0378.html | Vendor Advisory | |
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2010-0379.html | Vendor Advisory | |
| secalert@redhat.com | https://www.exploit-db.com/exploits/44009/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=132698550418872&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39563 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1023918 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/39710 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/0992 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=585900 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/58149 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2010-0376.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2010-0377.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2010-0378.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2010-0379.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/44009/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | jboss_enterprise_application_platform | * | |
| redhat | jboss_enterprise_application_platform | * | |
| redhat | jboss_enterprise_application_platform | 4.2 | |
| redhat | jboss_enterprise_application_platform | 4.2.0 | |
| redhat | jboss_enterprise_application_platform | 4.2.0 | |
| redhat | jboss_enterprise_application_platform | 4.2.0 | |
| redhat | jboss_enterprise_application_platform | 4.2.0 | |
| redhat | jboss_enterprise_application_platform | 4.2.0 | |
| redhat | jboss_enterprise_application_platform | 4.2.0 | |
| redhat | jboss_enterprise_application_platform | 4.2.0 | |
| redhat | jboss_enterprise_application_platform | 4.3 | |
| redhat | jboss_enterprise_application_platform | 4.3.0 | |
| redhat | jboss_enterprise_application_platform | 4.3.0 | |
| redhat | jboss_enterprise_application_platform | 4.3.0 | |
| redhat | jboss_enterprise_application_platform | 4.3.0 | |
| redhat | jboss_enterprise_application_platform | 4.3.0 | |
| redhat | jboss_enterprise_application_platform | 4.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:cp08:*:*:*:*:*:*",
"matchCriteriaId": "E8E0B7BE-9F4D-4083-B08A-13CA20422820",
"versionEndIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:cp07:*:*:*:*:*:*",
"matchCriteriaId": "4906489F-828A-4351-8D5B-A989CED8E4A5",
"versionEndIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9830D64-C46F-4423-BE0B-0B1FDB765D62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp01:*:*:*:*:*:*",
"matchCriteriaId": "599FBAC3-2E83-443B-AACB-99BBA896CB19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp02:*:*:*:*:*:*",
"matchCriteriaId": "43590B58-A1C7-4105-A00F-6C4F46A6CC5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp03:*:*:*:*:*:*",
"matchCriteriaId": "A44F907E-AE57-4213-B001-A23319B72CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp04:*:*:*:*:*:*",
"matchCriteriaId": "243ED156-851C-4897-AF59-86FCA5C9C66F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp05:*:*:*:*:*:*",
"matchCriteriaId": "125BF8B0-AF1B-4FB1-9D41-D9FB30AE23FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp06:*:*:*:*:*:*",
"matchCriteriaId": "A3E7C299-8A2D-4733-98AC-F6FA37CC1C6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp07:*:*:*:*:*:*",
"matchCriteriaId": "7398F80B-8318-40E7-A0EE-6CCF7E066C03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D4816097-6982-4FBA-BD34-3D24BCA5A56A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp01:*:*:*:*:*:*",
"matchCriteriaId": "2B3E4026-F98E-4AEB-9FE1-4FFBBF44AC55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp02:*:*:*:*:*:*",
"matchCriteriaId": "960A513A-CAFC-4B3D-ABD7-4659CF545C73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp03:*:*:*:*:*:*",
"matchCriteriaId": "C2D8DC6D-5E39-4A53-8BB8-F998706D573F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp04:*:*:*:*:*:*",
"matchCriteriaId": "3AA2D64E-D7E7-400D-AC7E-CB2045750791",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp05:*:*:*:*:*:*",
"matchCriteriaId": "197F047B-E11C-4B79-B6C4-79B2C278A33F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp06:*:*:*:*:*:*",
"matchCriteriaId": "CCE383FE-3C03-4B4F-A2E6-AD673F8A44FE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression."
},
{
"lang": "es",
"value": "Plataforma de aplicaci\u00f3n Red Hat JBoss Enterprise (conocido como JBoss EAP r JBEAP) v4.2 anterior v4.2.0.CP09 y v4.3 anterior v4.3.0.CP08 permite a atacantes remotos obtener informaci\u00f3n sensible \"deployed web contexts\" (Contextos web desarrollados) a trav\u00e9s de peticiones a servlet de estado, como quedo demostrado con una petici\u00f3n de cadena con full=true. NOTA: esta vulnerabilidad est\u00e1 provocada por una regresi\u00f3n del CVE-2008-3273."
}
],
"id": "CVE-2010-1429",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-04-28T22:30:00.840",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39563"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1023918"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/39710"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0992"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58149"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0376.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0377.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0378.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0379.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.exploit-db.com/exploits/44009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39563"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/39710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0376.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0377.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0378.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0379.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/44009/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-X26P-67Q3-4MFX
Vulnerability from github – Published: 2022-05-02 06:22 – Updated: 2025-04-11 03:34
VLAI?
Details
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
{
"affected": [],
"aliases": [
"CVE-2010-1429"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-04-28T22:30:00Z",
"severity": "MODERATE"
},
"details": "Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.",
"id": "GHSA-x26p-67q3-4mfx",
"modified": "2025-04-11T03:34:23Z",
"published": "2022-05-02T06:22:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1429"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58149"
},
{
"type": "WEB",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0376.html"
},
{
"type": "WEB",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0377.html"
},
{
"type": "WEB",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0378.html"
},
{
"type": "WEB",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0379.html"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/44009"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/39563"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1023918"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/39710"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/0992"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…