Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2012-5783
Vulnerability from cvelistv5
Published
2012-11-04 22:00
Modified
2024-08-06 21:14
Severity ?
EPSS score ?
Summary
Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T21:14:16.415Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2013:0681", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0681.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://issues.apache.org/jira/browse/HTTPCLIENT-1265", }, { name: "openSUSE-SU-2013:0622", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00040.html", }, { name: "RHSA-2013:0680", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0680.html", }, { name: "RHSA-2017:0868", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:0868", }, { name: "openSUSE-SU-2013:0354", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-02/msg00078.html", }, { name: "58073", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/58073", }, { name: "apache-commons-ssl-spoofing(79984)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/79984", }, { name: "RHSA-2013:0270", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0270.html", }, { name: "RHSA-2013:0682", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0682.html", }, { name: "openSUSE-SU-2013:0638", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00053.html", }, { name: "openSUSE-SU-2013:0623", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00041.html", }, { name: "RHSA-2013:1853", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1853.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", }, { name: "RHSA-2013:0679", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0679.html", }, { name: "RHSA-2013:1147", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1147.html", }, { name: "USN-2769-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2769-1", }, { name: "RHSA-2014:0224", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0224.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-10-25T00:00:00", descriptions: [ { lang: "en", value: "Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "RHSA-2013:0681", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0681.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://issues.apache.org/jira/browse/HTTPCLIENT-1265", }, { name: "openSUSE-SU-2013:0622", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00040.html", }, { name: "RHSA-2013:0680", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0680.html", }, { name: "RHSA-2017:0868", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:0868", }, { name: "openSUSE-SU-2013:0354", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-02/msg00078.html", }, { name: "58073", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/58073", }, { name: "apache-commons-ssl-spoofing(79984)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/79984", }, { name: "RHSA-2013:0270", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0270.html", }, { name: "RHSA-2013:0682", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0682.html", }, { name: "openSUSE-SU-2013:0638", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00053.html", }, { name: "openSUSE-SU-2013:0623", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00041.html", }, { name: "RHSA-2013:1853", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1853.html", }, { tags: [ "x_refsource_MISC", ], url: "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", }, { name: "RHSA-2013:0679", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0679.html", }, { name: "RHSA-2013:1147", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1147.html", }, { name: "USN-2769-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2769-1", }, { name: "RHSA-2014:0224", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0224.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2012-5783", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2013:0681", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-0681.html", }, { name: "https://issues.apache.org/jira/browse/HTTPCLIENT-1265", refsource: "CONFIRM", url: "https://issues.apache.org/jira/browse/HTTPCLIENT-1265", }, { name: "openSUSE-SU-2013:0622", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00040.html", }, { name: "RHSA-2013:0680", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-0680.html", }, { name: "RHSA-2017:0868", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:0868", }, { name: "openSUSE-SU-2013:0354", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-02/msg00078.html", }, { name: "58073", refsource: "BID", url: "http://www.securityfocus.com/bid/58073", }, { name: "apache-commons-ssl-spoofing(79984)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/79984", }, { name: "RHSA-2013:0270", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-0270.html", }, { name: "RHSA-2013:0682", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-0682.html", }, { name: "openSUSE-SU-2013:0638", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00053.html", }, { name: "openSUSE-SU-2013:0623", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00041.html", }, { name: "RHSA-2013:1853", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1853.html", }, { name: "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", refsource: "MISC", url: "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", }, { name: "RHSA-2013:0679", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-0679.html", }, { name: "RHSA-2013:1147", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1147.html", }, { name: "USN-2769-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2769-1", }, { name: "RHSA-2014:0224", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-0224.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2012-5783", datePublished: "2012-11-04T22:00:00", dateReserved: "2012-11-04T00:00:00", dateUpdated: "2024-08-06T21:14:16.415Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:httpclient:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7849CBEF-9C6F-4E3E-A2CA-BA817EC1E1C6\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*\", \"matchCriteriaId\": \"CB66DB75-2B16-4EBF-9B93-CE49D8086E41\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\", \"matchCriteriaId\": \"815D70A8-47D3-459C-A32C-9FEACA0659D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F38D3B7E-8429-473F-BB31-FC3583EE5A5B\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.\"}, {\"lang\": \"es\", \"value\": \"Apache Commons HttpClient v3.x, tal y como se utiliza en el Java SDK de Amazon Flexible Payments Service(FPS) y otros productos, no comprueba si el nombre del servidor coincide con un nombre de dominio en el nombre com\\u00fan (CN) del sujeto o con el campo subjectAltName del certificado X.509, lo que permite falsificar servidores SSL a atacantes man-in-the-middle mediante un certificado v\\u00e1lido de su elecci\\u00f3n.\\r\\n\"}]", id: "CVE-2012-5783", lastModified: "2024-11-21T01:45:12.763", metrics: "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:N\", \"baseScore\": 5.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}", published: "2012-11-04T22:55:03.297", references: "[{\"url\": \"http://lists.opensuse.org/opensuse-updates/2013-02/msg00078.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2013-04/msg00040.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2013-04/msg00041.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2013-04/msg00053.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0270.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0679.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0680.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0681.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0682.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-1147.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-1853.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2014-0224.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf\", \"source\": \"cve@mitre.org\", \"tags\": [\"Technical Description\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/58073\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-2769-1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:0868\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/79984\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://issues.apache.org/jira/browse/HTTPCLIENT-1265\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2013-02/msg00078.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2013-04/msg00040.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2013-04/msg00041.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2013-04/msg00053.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0270.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0679.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0680.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0681.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0682.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-1147.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-1853.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2014-0224.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Technical Description\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/58073\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-2769-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:0868\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/79984\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://issues.apache.org/jira/browse/HTTPCLIENT-1265\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}]", sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-295\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2012-5783\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2012-11-04T22:55:03.297\",\"lastModified\":\"2024-11-21T01:45:12.763\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.\"},{\"lang\":\"es\",\"value\":\"Apache Commons HttpClient v3.x, tal y como se utiliza en el Java SDK de Amazon Flexible Payments Service(FPS) y otros productos, no comprueba si el nombre del servidor coincide con un nombre de dominio en el nombre común (CN) del sujeto o con el campo subjectAltName del certificado X.509, lo que permite falsificar servidores SSL a atacantes man-in-the-middle mediante un certificado válido de su elección.\\r\\n\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:httpclient:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7849CBEF-9C6F-4E3E-A2CA-BA817EC1E1C6\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"CB66DB75-2B16-4EBF-9B93-CE49D8086E41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"815D70A8-47D3-459C-A32C-9FEACA0659D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F38D3B7E-8429-473F-BB31-FC3583EE5A5B\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-updates/2013-02/msg00078.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2013-04/msg00040.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2013-04/msg00041.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2013-04/msg00053.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0270.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0679.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0680.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0681.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0682.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-1147.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-1853.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0224.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/58073\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-2769-1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:0868\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/79984\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://issues.apache.org/jira/browse/HTTPCLIENT-1265\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2013-02/msg00078.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2013-04/msg00040.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2013-04/msg00041.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2013-04/msg00053.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0270.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0679.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0680.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0681.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0682.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-1147.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-1853.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0224.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/58073\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-2769-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:0868\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/79984\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://issues.apache.org/jira/browse/HTTPCLIENT-1265\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]}]}}", }, }
rhsa-2023:3954
Vulnerability from csaf_redhat
Published
2023-06-29 20:07
Modified
2025-03-16 06:49
Summary
Red Hat Security Advisory: Red Hat Fuse 7.12 release and security update
Notes
Topic
A minor version update (from 7.11 to 7.12) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat Fuse 7.12 serves as a replacement for Red Hat Fuse 7.11 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.
Security Fix(es):
* hazelcast: Hazelcast connection caching (CVE-2022-36437)
* spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security (CVE-2022-31692)
* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)
* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)
* Apache CXF: SSRF Vulnerability (CVE-2022-46364)
* Undertow: Infinite loop in SslConduit during close (CVE-2023-1108)
* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)
* jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name (CVE-2012-5783)
* apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)
* undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* batik: Server-Side Request Forgery (CVE-2022-38398)
* batik: Server-Side Request Forgery (CVE-2022-38648)
* batik: Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-40146)
* batik: Apache XML Graphics Batik vulnerable to code execution via SVG (CVE-2022-41704)
* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)
* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)
* engine.io: Specially crafted HTTP request can trigger an uncaught exception (CVE-2022-41940)
* postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions (CVE-2022-41946)
* batik: Untrusted code execution in Apache XML Graphics Batik (CVE-2022-42890)
* Apache CXF: directory listing / code exfiltration (CVE-2022-46363)
* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)
* shiro: Authentication bypass through a specially crafted HTTP request (CVE-2023-22602)
* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)
* tomcat: JsonErrorReportValve injection (CVE-2022-45143)
For more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A minor version update (from 7.11 to 7.12) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release of Red Hat Fuse 7.12 serves as a replacement for Red Hat Fuse 7.11 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.\n\nSecurity Fix(es):\n\n* hazelcast: Hazelcast connection caching (CVE-2022-36437)\n\n* spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security (CVE-2022-31692)\n\n* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)\n\n* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)\n\n* Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\n* Undertow: Infinite loop in SslConduit during close (CVE-2023-1108)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)\n\n* jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name (CVE-2012-5783)\n\n* apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)\n\n* undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* batik: Server-Side Request Forgery (CVE-2022-38398)\n\n* batik: Server-Side Request Forgery (CVE-2022-38648)\n\n* batik: Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-40146)\n\n* batik: Apache XML Graphics Batik vulnerable to code execution via SVG (CVE-2022-41704)\n\n* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)\n\n* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)\n\n* engine.io: Specially crafted HTTP request can trigger an uncaught exception (CVE-2022-41940)\n\n* postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions (CVE-2022-41946)\n\n* batik: Untrusted code execution in Apache XML Graphics Batik (CVE-2022-42890)\n\n* Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n\n* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)\n\n* shiro: Authentication bypass through a specially crafted HTTP request (CVE-2023-22602)\n\n* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)\n\n* tomcat: JsonErrorReportValve injection (CVE-2022-45143)\n\nFor more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:3954", url: "https://access.redhat.com/errata/RHSA-2023:3954", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#critical", url: "https://access.redhat.com/security/updates/classification/#critical", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.12.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.12.0", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.12/", url: "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.12/", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "1886587", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1886587", }, { category: "external", summary: "2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "2142707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2142707", }, { category: "external", summary: "2144970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2144970", }, { category: "external", summary: "2151988", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2151988", }, { category: "external", summary: "2153260", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153260", }, { category: "external", summary: "2153379", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153379", }, { category: "external", summary: "2153399", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153399", }, { category: "external", summary: "2155291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155291", }, { category: "external", summary: "2155292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155292", }, { category: "external", summary: "2155295", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155295", }, { category: "external", summary: "2155681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155681", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2158695", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2158695", }, { category: "external", summary: "2162053", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2162053", }, { category: "external", summary: "2162206", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2162206", }, { category: "external", summary: "2170431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2170431", }, { category: "external", summary: "2174246", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2174246", }, { category: "external", summary: "2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "2180530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180530", }, { category: "external", summary: "2182182", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182182", }, { category: "external", summary: "2182183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182183", }, { category: "external", summary: "2182198", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182198", }, { category: "external", summary: "2188542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188542", }, { category: "external", summary: "2209342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209342", }, { category: "external", summary: "2215465", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2215465", }, { category: "external", summary: "ENTESB-20598", url: "https://issues.redhat.com/browse/ENTESB-20598", }, { category: "external", summary: "ENTESB-21418", url: "https://issues.redhat.com/browse/ENTESB-21418", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3954.json", }, ], title: "Red Hat Security Advisory: Red Hat Fuse 7.12 release and security update", tracking: { current_release_date: "2025-03-16T06:49:05+00:00", generator: { date: "2025-03-16T06:49:05+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:3954", initial_release_date: "2023-06-29T20:07:23+00:00", revision_history: [ { date: "2023-06-29T20:07:23+00:00", number: "1", summary: "Initial version", }, { date: "2023-06-29T20:07:23+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-16T06:49:05+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Fuse 7.12", product: { name: "Red Hat Fuse 7.12", product_id: "Red Hat Fuse 7.12", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_fuse:7", }, }, }, ], category: "product_family", name: "Red Hat JBoss Fuse", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, { cve: "CVE-2020-13956", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2020-10-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1886587", }, ], notes: [ { category: "description", text: "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", title: "Vulnerability description", }, { category: "summary", text: "apache-httpclient: incorrect handling of malformed authority component in request URIs", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the affected components are behind OpenShift OAuth authentication. This restricts access to the vulnerable httpclient library to authenticated users only. Additionally the vulnerable httpclient library is not used directly in OCP components, therefore the impact by this vulnerability is Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\nIn the Red Hat Enterprise Linux platforms, Maven 35 and 36 are affected via their respective `httpcomponents-client` component.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-13956", }, { category: "external", summary: "RHBZ#1886587", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1886587", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-13956", url: "https://www.cve.org/CVERecord?id=CVE-2020-13956", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-13956", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-13956", }, { category: "external", summary: "https://www.openwall.com/lists/oss-security/2020/10/08/4", url: "https://www.openwall.com/lists/oss-security/2020/10/08/4", }, ], release_date: "2020-10-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-httpclient: incorrect handling of malformed authority component in request URIs", }, { cve: "CVE-2022-4492", cwe: { id: "CWE-550", name: "Server-generated Error Message Containing Sensitive Information", }, discovery_date: "2022-12-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2153260", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Server identity in https connection is not checked by the undertow client", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-4492", }, { category: "external", summary: "RHBZ#2153260", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153260", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-4492", url: "https://www.cve.org/CVERecord?id=CVE-2022-4492", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-4492", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-4492", }, ], release_date: "2022-12-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: Server identity in https connection is not checked by the undertow client", }, { cve: "CVE-2022-24785", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-04-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2072009", }, ], notes: [ { category: "description", text: "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", title: "Vulnerability description", }, { category: "summary", text: "Moment.js: Path traversal in moment.locale", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24785", }, { category: "external", summary: "RHBZ#2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24785", url: "https://www.cve.org/CVERecord?id=CVE-2022-24785", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", }, { category: "external", summary: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", url: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", }, ], release_date: "2022-04-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, { category: "workaround", details: "Sanitize the user-provided locale name before passing it to Moment.js.", product_ids: [ "Red Hat Fuse 7.12", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Moment.js: Path traversal in moment.locale", }, { cve: "CVE-2022-31692", cwe: { id: "CWE-863", name: "Incorrect Authorization", }, discovery_date: "2023-01-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2162206", }, ], notes: [ { category: "description", text: "A flaw was found in the spring-security framework. Spring Security could allow a remote attacker to bypass security restrictions caused by an issue when using forward or include dispatcher types. By sending a specially-crafted request, an attacker can bypass authorization rules.", title: "Vulnerability description", }, { category: "summary", text: "spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-31692", }, { category: "external", summary: "RHBZ#2162206", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2162206", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-31692", url: "https://www.cve.org/CVERecord?id=CVE-2022-31692", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-31692", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-31692", }, { category: "external", summary: "https://spring.io/security/cve-2022-31692", url: "https://spring.io/security/cve-2022-31692", }, ], release_date: "2022-10-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security", }, { cve: "CVE-2022-36437", cwe: { id: "CWE-384", name: "Session Fixation", }, discovery_date: "2023-01-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2162053", }, ], notes: [ { category: "description", text: "A flaw was found in Hazelcast and Hazelcast Jet. This flaw may allow an attacker unauthenticated access to manipulate data in the cluster.", title: "Vulnerability description", }, { category: "summary", text: "hazelcast: Hazelcast connection caching", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration - Camel Quarkus Extensions: Hazelcast is contained in camel-quarkus-hazelcast but it does not affect any supported component. This package is community support only. Hence the low impact for Camel Quarkus Extension.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-36437", }, { category: "external", summary: "RHBZ#2162053", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2162053", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-36437", url: "https://www.cve.org/CVERecord?id=CVE-2022-36437", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-36437", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-36437", }, { category: "external", summary: "https://github.com/hazelcast/hazelcast/security/advisories/GHSA-c5hg-mr8r-f6jp", url: "https://github.com/hazelcast/hazelcast/security/advisories/GHSA-c5hg-mr8r-f6jp", }, ], release_date: "2022-12-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "hazelcast: Hazelcast connection caching", }, { cve: "CVE-2022-38398", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155292", }, ], notes: [ { category: "description", text: "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.", title: "Vulnerability description", }, { category: "summary", text: "batik: Server-Side Request Forgery", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38398", }, { category: "external", summary: "RHBZ#2155292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155292", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38398", url: "https://www.cve.org/CVERecord?id=CVE-2022-38398", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38398", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38398", }, { category: "external", summary: "http://svn.apache.org/viewvc?view=revision&revision=1903462", url: "http://svn.apache.org/viewvc?view=revision&revision=1903462", }, { category: "external", summary: "https://issues.apache.org/jira/browse/BATIK-1331", url: "https://issues.apache.org/jira/browse/BATIK-1331", }, { category: "external", summary: "https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx", url: "https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx", }, ], release_date: "2022-09-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "batik: Server-Side Request Forgery", }, { cve: "CVE-2022-38648", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155295", }, ], notes: [ { category: "description", text: "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.", title: "Vulnerability description", }, { category: "summary", text: "batik: Server-Side Request Forgery", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38648", }, { category: "external", summary: "RHBZ#2155295", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155295", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38648", url: "https://www.cve.org/CVERecord?id=CVE-2022-38648", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38648", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38648", }, { category: "external", summary: "http://svn.apache.org/viewvc?view=revision&revision=1903625", url: "http://svn.apache.org/viewvc?view=revision&revision=1903625", }, { category: "external", summary: "https://issues.apache.org/jira/browse/BATIK-1333", url: "https://issues.apache.org/jira/browse/BATIK-1333", }, { category: "external", summary: "https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b", url: "https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b", }, ], release_date: "2022-09-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "batik: Server-Side Request Forgery", }, { cve: "CVE-2022-40146", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155291", }, ], notes: [ { category: "description", text: "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.", title: "Vulnerability description", }, { category: "summary", text: "batik: Server-Side Request Forgery (SSRF) vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40146", }, { category: "external", summary: "RHBZ#2155291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155291", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40146", url: "https://www.cve.org/CVERecord?id=CVE-2022-40146", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40146", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40146", }, { category: "external", summary: "http://svn.apache.org/viewvc?view=revision&revision=1903910", url: "http://svn.apache.org/viewvc?view=revision&revision=1903910", }, { category: "external", summary: "https://issues.apache.org/jira/browse/BATIK-1335", url: "https://issues.apache.org/jira/browse/BATIK-1335", }, { category: "external", summary: "https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx", url: "https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx", }, ], release_date: "2022-09-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "batik: Server-Side Request Forgery (SSRF) vulnerability", }, { cve: "CVE-2022-41704", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2023-03-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182182", }, ], notes: [ { category: "description", text: "A flaw was found in Batik. This issue may allow a malicious user to run untrusted Java code from an SVG.", title: "Vulnerability description", }, { category: "summary", text: "batik: Apache XML Graphics Batik vulnerable to code execution via SVG", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41704", }, { category: "external", summary: "RHBZ#2182182", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182182", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41704", url: "https://www.cve.org/CVERecord?id=CVE-2022-41704", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41704", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41704", }, ], release_date: "2022-10-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "batik: Apache XML Graphics Batik vulnerable to code execution via SVG", }, { cve: "CVE-2022-41854", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2151988", }, ], notes: [ { category: "description", text: "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "dev-java/snakeyaml: DoS via stack overflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41854", }, { category: "external", summary: "RHBZ#2151988", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2151988", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41854", url: "https://www.cve.org/CVERecord?id=CVE-2022-41854", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41854", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41854", }, { category: "external", summary: "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355", url: "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355", }, { category: "external", summary: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355", url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355", }, ], release_date: "2022-11-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "dev-java/snakeyaml: DoS via stack overflow", }, { cve: "CVE-2022-41881", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2022-12-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2153379", }, ], notes: [ { category: "description", text: "A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41881", }, { category: "external", summary: "RHBZ#2153379", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153379", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41881", url: "https://www.cve.org/CVERecord?id=CVE-2022-41881", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41881", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41881", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS", }, { cve: "CVE-2022-41940", cwe: { id: "CWE-248", name: "Uncaught Exception", }, discovery_date: "2022-11-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2144970", }, ], notes: [ { category: "description", text: "A flaw was found in engine.io. The Socket.IO Engine.IO is vulnerable to a denial of service caused by an uncaught exception flaw. By sending a specially-crafted HTTP request, a remote, authenticated attacker can cause the Node.js process to crash, resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "engine.io: Specially crafted HTTP request can trigger an uncaught exception", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41940", }, { category: "external", summary: "RHBZ#2144970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2144970", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41940", url: "https://www.cve.org/CVERecord?id=CVE-2022-41940", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41940", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41940", }, ], release_date: "2022-11-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "engine.io: Specially crafted HTTP request can trigger an uncaught exception", }, { cve: "CVE-2022-41946", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2022-12-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2153399", }, ], notes: [ { category: "description", text: "A flaw was found in org.postgresql. This issue allows the creation of a temporary file when using PreparedStatement.setText(int, InputStream) and PreparedStatemet.setBytea(int, InputStream). This could allow a user to create an unexpected file available to all users, which could end in unexpected behavior.", title: "Vulnerability description", }, { category: "summary", text: "postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite ships a PostgreSQL JDBC Driver for Hibernate ORM framework, which is embeds into Candlepin. Although Candlepin itself doesn't make direct use of the PreparedStatement methods from the PostgreSQL JDBC Driver, Hibernate ORM does utilize these methods, potentially making framework affected. Satellite server operating in an environment with untrusted users while the driver is running are vulnerable to the flaw, however, deployments without untrusted users are considered safe. A future Satellite update should address this issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41946", }, { category: "external", summary: "RHBZ#2153399", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153399", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41946", url: "https://www.cve.org/CVERecord?id=CVE-2022-41946", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41946", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41946", }, ], release_date: "2022-11-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions", }, { cve: "CVE-2022-41966", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2023-02-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2170431", }, ], notes: [ { category: "description", text: "A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.", title: "Vulnerability description", }, { category: "summary", text: "xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse 7 ships an affected version of XStream. No endpoint in any flavor of Fuse is accepting by default an unverified input stream passed directly to XStream unmarshaller. Documentation always recommend all the endpoints (TCP/UDP/HTTP(S)/other listeners) to have at least one layer of authentication/authorization and Fuse in general itself in particular has a lot of mechanisms to protect the endpoints.\n\nRed Hat Single Sign-On contains XStream as a transitive dependency from Infinispan and the same is not affected as NO_REFERENCE is in use.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41966", }, { category: "external", summary: "RHBZ#2170431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2170431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41966", url: "https://www.cve.org/CVERecord?id=CVE-2022-41966", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41966", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41966", }, { category: "external", summary: "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv", url: "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv", }, ], release_date: "2022-12-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow", }, { cve: "CVE-2022-42890", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2023-03-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182183", }, ], notes: [ { category: "description", text: "A flaw was found in Batik of Apache XML Graphics. This issue may allow a malicious user to run Java code from untrusted SVG via JavaScript.", title: "Vulnerability description", }, { category: "summary", text: "batik: Untrusted code execution in Apache XML Graphics Batik", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42890", }, { category: "external", summary: "RHBZ#2182183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182183", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42890", url: "https://www.cve.org/CVERecord?id=CVE-2022-42890", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42890", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42890", }, ], release_date: "2022-10-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "batik: Untrusted code execution in Apache XML Graphics Batik", }, { cve: "CVE-2022-42920", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-11-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2142707", }, ], notes: [ { category: "description", text: "An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.", title: "Vulnerability description", }, { category: "summary", text: "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing", title: "Vulnerability summary", }, { category: "other", text: "Fuse 7 ships the code in question but does not utilize it in the product, so it is affected at a reduced impact of Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42920", }, { category: "external", summary: "RHBZ#2142707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2142707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42920", url: "https://www.cve.org/CVERecord?id=CVE-2022-42920", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42920", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42920", }, { category: "external", summary: "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4", url: "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4", }, ], release_date: "2022-11-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing", }, { cve: "CVE-2022-45143", cwe: { id: "CWE-74", name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", }, discovery_date: "2023-01-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2158695", }, ], notes: [ { category: "description", text: "A flaw was found in the Tomcat package. This flaw allowed users to input an invalid JSON structure, causing unwanted behavior as it did not escape the type, message, or description values.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: JsonErrorReportValve injection", title: "Vulnerability summary", }, { category: "other", text: "Although it may be rated as CVSS 7.5, it's still considered a low impact flaw as according to the advisory report from Apache, user controlled data may occur in specific cases only and may alter some specific fields only.\n\nRed Hat Satellite does not include the affected Apache Tomcat, however, Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45143", }, { category: "external", summary: "RHBZ#2158695", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2158695", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45143", url: "https://www.cve.org/CVERecord?id=CVE-2022-45143", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45143", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45143", }, { category: "external", summary: "https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj", url: "https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj", }, ], release_date: "2023-01-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: JsonErrorReportValve injection", }, { cve: "CVE-2022-46363", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155681", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.", title: "Vulnerability description", }, { category: "summary", text: "CXF: directory listing / code exfiltration", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46363", }, { category: "external", summary: "RHBZ#2155681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155681", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46363", url: "https://www.cve.org/CVERecord?id=CVE-2022-46363", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", }, { category: "external", summary: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", url: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "CXF: directory listing / code exfiltration", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, { cve: "CVE-2023-1108", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2023-02-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2174246", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.", title: "Vulnerability description", }, { category: "summary", text: "Undertow: Infinite loop in SslConduit during close", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1108", }, { category: "external", summary: "RHBZ#2174246", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2174246", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1108", url: "https://www.cve.org/CVERecord?id=CVE-2023-1108", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1108", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1108", }, { category: "external", summary: "https://github.com/advisories/GHSA-m4mm-pg93-fv78", url: "https://github.com/advisories/GHSA-m4mm-pg93-fv78", }, ], release_date: "2023-03-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Undertow: Infinite loop in SslConduit during close", }, { cve: "CVE-2023-1370", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-04-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2188542", }, ], notes: [ { category: "description", text: "A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.", title: "Vulnerability description", }, { category: "summary", text: "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1370", }, { category: "external", summary: "RHBZ#2188542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188542", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1370", url: "https://www.cve.org/CVERecord?id=CVE-2023-1370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", }, { category: "external", summary: "https://github.com/advisories/GHSA-493p-pfq6-5258", url: "https://github.com/advisories/GHSA-493p-pfq6-5258", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", url: "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", }, { cve: "CVE-2023-20860", cwe: { id: "CWE-155", name: "Improper Neutralization of Wildcards or Matching Symbols", }, discovery_date: "2023-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180528", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.", title: "Vulnerability description", }, { category: "summary", text: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20860", }, { category: "external", summary: "RHBZ#2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20860", url: "https://www.cve.org/CVERecord?id=CVE-2023-20860", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", }, { category: "external", summary: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", url: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", }, { cve: "CVE-2023-20861", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180530", }, ], notes: [ { category: "description", text: "A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "springframework: Spring Expression DoS Vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20861", }, { category: "external", summary: "RHBZ#2180530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180530", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20861", url: "https://www.cve.org/CVERecord?id=CVE-2023-20861", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", }, { category: "external", summary: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", url: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "springframework: Spring Expression DoS Vulnerability", }, { cve: "CVE-2023-20883", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-05-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209342", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed behind a proxy that caches 404 responses. This issue may cause a denial of service (DoS) attack.", title: "Vulnerability description", }, { category: "summary", text: "spring-boot: Spring Boot Welcome Page DoS Vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20883", }, { category: "external", summary: "RHBZ#2209342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209342", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20883", url: "https://www.cve.org/CVERecord?id=CVE-2023-20883", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20883", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20883", }, ], release_date: "2023-05-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "spring-boot: Spring Boot Welcome Page DoS Vulnerability", }, { cve: "CVE-2023-22602", cwe: { id: "CWE-436", name: "Interpretation Conflict", }, discovery_date: "2023-03-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182198", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Shiro. This issue may allow a malicious user to send a specially crafted HTTP request that could cause an authentication bypass.", title: "Vulnerability description", }, { category: "summary", text: "shiro: Authentication bypass through a specially crafted HTTP request", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-22602", }, { category: "external", summary: "RHBZ#2182198", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182198", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-22602", url: "https://www.cve.org/CVERecord?id=CVE-2023-22602", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-22602", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-22602", }, ], release_date: "2023-01-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "shiro: Authentication bypass through a specially crafted HTTP request", }, { cve: "CVE-2023-33201", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2023-06-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2215465", }, ], notes: [ { category: "description", text: "A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.", title: "Vulnerability description", }, { category: "summary", text: "bouncycastle: potential blind LDAP injection attack using a self-signed certificate", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-33201", }, { category: "external", summary: "RHBZ#2215465", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2215465", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-33201", url: "https://www.cve.org/CVERecord?id=CVE-2023-33201", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-33201", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-33201", }, { category: "external", summary: "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201", url: "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201", }, ], release_date: "2023-06-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "bouncycastle: potential blind LDAP injection attack using a self-signed certificate", }, ], }
rhsa-2013_1006
Vulnerability from csaf_redhat
Published
2013-07-01 15:10
Modified
2024-11-22 06:41
Summary
Red Hat Security Advisory: Red Hat JBoss BRMS 5.3.1 update
Notes
Topic
Red Hat JBoss BRMS 5.3.1 roll up patch 2, which fixes multiple security
issues and various bugs, is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
Red Hat JBoss BRMS is a business rules management system for the
management, storage, creation, modification, and deployment of JBoss Rules.
This roll up patch serves as a cumulative upgrade for Red Hat JBoss BRMS
5.3.1. It includes various bug fixes. The following security
issues are also fixed with this release:
XML encryption backwards compatibility attacks were found against various
frameworks, including Apache CXF. An attacker could force a server to use
insecure, legacy cryptosystems, even when secure cryptosystems were enabled
on endpoints. By forcing the use of legacy cryptosystems, flaws such as
CVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be
recovered from cryptograms and symmetric keys. This issue affected both the
JBoss Web Services CXF (jbossws-cxf) and JBoss Web Services Native
(jbossws-native) stacks. (CVE-2012-5575)
If you are using jbossws-cxf, then automatic checks to prevent this flaw
are only run when WS-SecurityPolicy is used to enforce security
requirements. It is best practice to use WS-SecurityPolicy to enforce
security requirements.
If you are using jbossws-native, the fix for this flaw is implemented by
two new configuration parameters in the 'encryption' element. This element
can be a child of 'requires' in both client and server wsse configuration
descriptors (set on a per-application basis via the application's
jboss-wsse-server.xml and jboss-wsse-client.xml files). The new attributes
are 'algorithms' and 'keyWrapAlgorithms'. These attributes should contain a
blank space or comma separated list of algorithm IDs that are allowed for
the encrypted incoming message, both for encryption and private key
wrapping. For backwards compatibility, no algorithm checks are performed by
default for empty lists or missing attributes.
For example (do not include the line break in your configuration):
encryption algorithms="aes-192-gcm aes-256-gcm"
keyWrapAlgorithms="rsa_oaep"
Specifies that incoming messages are required to be encrypted, and that the
only permitted encryption algorithms are AES-192 and 256 in GCM mode, and
RSA-OAEP only for key wrapping.
Before performing any decryption, the jbossws-native stack will verify that
each algorithm specified in the incoming messages is included in the
allowed algorithms lists from these new encryption element attributes. The
algorithm values to be used for 'algorithms' and 'keyWrapAlgorithms' are
the same as for 'algorithm' and 'keyWrapAlgorithm' in the 'encrypt'
element.
The Jakarta Commons HttpClient component did not verify that the server
hostname matched the domain name in the subject's Common Name (CN) or
subjectAltName field in X.509 certificates. This could allow a
man-in-the-middle attacker to spoof an SSL server if they had a certificate
that was valid for any domain name. (CVE-2012-5783)
Multiple weaknesses were found in the JBoss Web DIGEST authentication
implementation, effectively reducing the security normally provided by
DIGEST authentication. A remote attacker could use these flaws to perform
replay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,
CVE-2012-5887)
Red Hat would like to thank Tibor Jager, Kenneth G. Paterson and Juraj
Somorovsky of Ruhr-University Bochum for reporting CVE-2012-5575.
Warning: Before applying the update, back up your existing Red Hat JBoss
BRMS installation (including its databases, applications, configuration
files, and so on).
All users of Red Hat JBoss BRMS 5.3.1 as provided from the Red Hat Customer
Portal are advised to apply this roll up patch.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss BRMS 5.3.1 roll up patch 2, which fixes multiple security\nissues and various bugs, is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss BRMS is a business rules management system for the\nmanagement, storage, creation, modification, and deployment of JBoss Rules.\n\nThis roll up patch serves as a cumulative upgrade for Red Hat JBoss BRMS\n5.3.1. It includes various bug fixes. The following security\nissues are also fixed with this release:\n\nXML encryption backwards compatibility attacks were found against various\nframeworks, including Apache CXF. An attacker could force a server to use\ninsecure, legacy cryptosystems, even when secure cryptosystems were enabled\non endpoints. By forcing the use of legacy cryptosystems, flaws such as\nCVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be\nrecovered from cryptograms and symmetric keys. This issue affected both the\nJBoss Web Services CXF (jbossws-cxf) and JBoss Web Services Native\n(jbossws-native) stacks. (CVE-2012-5575)\n\nIf you are using jbossws-cxf, then automatic checks to prevent this flaw\nare only run when WS-SecurityPolicy is used to enforce security\nrequirements. It is best practice to use WS-SecurityPolicy to enforce\nsecurity requirements.\n\nIf you are using jbossws-native, the fix for this flaw is implemented by\ntwo new configuration parameters in the 'encryption' element. This element\ncan be a child of 'requires' in both client and server wsse configuration\ndescriptors (set on a per-application basis via the application's\njboss-wsse-server.xml and jboss-wsse-client.xml files). The new attributes\nare 'algorithms' and 'keyWrapAlgorithms'. These attributes should contain a\nblank space or comma separated list of algorithm IDs that are allowed for\nthe encrypted incoming message, both for encryption and private key\nwrapping. For backwards compatibility, no algorithm checks are performed by\ndefault for empty lists or missing attributes.\n\nFor example (do not include the line break in your configuration):\n\nencryption algorithms=\"aes-192-gcm aes-256-gcm\"\nkeyWrapAlgorithms=\"rsa_oaep\"\n\nSpecifies that incoming messages are required to be encrypted, and that the\nonly permitted encryption algorithms are AES-192 and 256 in GCM mode, and\nRSA-OAEP only for key wrapping.\n\nBefore performing any decryption, the jbossws-native stack will verify that\neach algorithm specified in the incoming messages is included in the\nallowed algorithms lists from these new encryption element attributes. The\nalgorithm values to be used for 'algorithms' and 'keyWrapAlgorithms' are\nthe same as for 'algorithm' and 'keyWrapAlgorithm' in the 'encrypt'\nelement.\n\nThe Jakarta Commons HttpClient component did not verify that the server\nhostname matched the domain name in the subject's Common Name (CN) or\nsubjectAltName field in X.509 certificates. This could allow a\nman-in-the-middle attacker to spoof an SSL server if they had a certificate\nthat was valid for any domain name. (CVE-2012-5783)\n\nMultiple weaknesses were found in the JBoss Web DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to perform\nreplay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\nCVE-2012-5887)\n\nRed Hat would like to thank Tibor Jager, Kenneth G. Paterson and Juraj\nSomorovsky of Ruhr-University Bochum for reporting CVE-2012-5575.\n\nWarning: Before applying the update, back up your existing Red Hat JBoss\nBRMS installation (including its databases, applications, configuration\nfiles, and so on).\n\nAll users of Red Hat JBoss BRMS 5.3.1 as provided from the Red Hat Customer\nPortal are advised to apply this roll up patch.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2013:1006", url: "https://access.redhat.com/errata/RHSA-2013:1006", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=brms&downloadType=securityPatches&version=5.3.1", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=brms&downloadType=securityPatches&version=5.3.1", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "873664", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873664", }, { category: "external", summary: "880443", url: "https://bugzilla.redhat.com/show_bug.cgi?id=880443", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_1006.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss BRMS 5.3.1 update", tracking: { current_release_date: "2024-11-22T06:41:01+00:00", generator: { date: "2024-11-22T06:41:01+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2013:1006", initial_release_date: "2013-07-01T15:10:00+00:00", revision_history: [ { date: "2013-07-01T15:10:00+00:00", number: "1", summary: "Initial version", }, { date: "2013-07-01T15:14:03+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T06:41:01+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "JBoss Enterprise BRMS Platform 5.3", product: { name: "JBoss Enterprise BRMS Platform 5.3", product_id: "JBoss Enterprise BRMS Platform 5.3", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_brms_platform:5.3", }, }, }, ], category: "product_family", name: "Red Hat JBoss Middleware", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Tibor Jager", "Kenneth G. Paterson", "Juraj Somorovsky", ], organization: "Ruhr-University Bochum", }, ], cve: "CVE-2012-5575", cwe: { id: "CWE-327", name: "Use of a Broken or Risky Cryptographic Algorithm", }, discovery_date: "2012-11-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "880443", }, ], notes: [ { category: "description", text: "Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka \"XML Encryption backwards compatibility attack.\"", title: "Vulnerability description", }, { category: "summary", text: "apache-cxf: XML encryption backwards compatibility attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JBoss Enterprise BRMS Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5575", }, { category: "external", summary: "RHBZ#880443", url: "https://bugzilla.redhat.com/show_bug.cgi?id=880443", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5575", url: "https://www.cve.org/CVERecord?id=CVE-2012-5575", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5575", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5575", }, { category: "external", summary: "http://cxf.apache.org/cve-2012-5575.html", url: "http://cxf.apache.org/cve-2012-5575.html", }, { category: "external", summary: "http://www.nds.ruhr-uni-bochum.de/research/publications/backwards-compatibility/", url: "http://www.nds.ruhr-uni-bochum.de/research/publications/backwards-compatibility/", }, ], release_date: "2013-03-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-07-01T15:10:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss BRMS installation (including its databases,\napplications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss BRMS server by\nstopping the JBoss Application Server process before installing this\nupdate, and then after installing the update, restart the Red Hat JBoss\nBRMS server by starting the JBoss Application Server process.", product_ids: [ "JBoss Enterprise BRMS Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1006", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 7.8, confidentialityImpact: "COMPLETE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:C/I:N/A:N", version: "2.0", }, products: [ "JBoss Enterprise BRMS Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "apache-cxf: XML encryption backwards compatibility attacks", }, { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JBoss Enterprise BRMS Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-07-01T15:10:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss BRMS installation (including its databases,\napplications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss BRMS server by\nstopping the JBoss Application Server process before installing this\nupdate, and then after installing the update, restart the Red Hat JBoss\nBRMS server by starting the JBoss Application Server process.", product_ids: [ "JBoss Enterprise BRMS Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1006", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "JBoss Enterprise BRMS Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, { cve: "CVE-2012-5885", discovery_date: "2012-11-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873664", }, ], notes: [ { category: "description", text: "The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: three DIGEST authentication implementation issues", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JBoss Enterprise BRMS Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5885", }, { category: "external", summary: "RHBZ#873664", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873664", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5885", url: "https://www.cve.org/CVERecord?id=CVE-2012-5885", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5885", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5885", }, ], release_date: "2012-11-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-07-01T15:10:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss BRMS installation (including its databases,\napplications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss BRMS server by\nstopping the JBoss Application Server process before installing this\nupdate, and then after installing the update, restart the Red Hat JBoss\nBRMS server by starting the JBoss Application Server process.", product_ids: [ "JBoss Enterprise BRMS Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1006", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "JBoss Enterprise BRMS Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat: three DIGEST authentication implementation issues", }, { cve: "CVE-2012-5886", discovery_date: "2012-11-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873664", }, ], notes: [ { category: "description", text: "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: three DIGEST authentication implementation issues", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JBoss Enterprise BRMS Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5886", }, { category: "external", summary: "RHBZ#873664", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873664", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5886", url: "https://www.cve.org/CVERecord?id=CVE-2012-5886", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5886", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5886", }, ], release_date: "2012-11-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-07-01T15:10:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss BRMS installation (including its databases,\napplications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss BRMS server by\nstopping the JBoss Application Server process before installing this\nupdate, and then after installing the update, restart the Red Hat JBoss\nBRMS server by starting the JBoss Application Server process.", product_ids: [ "JBoss Enterprise BRMS Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1006", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "JBoss Enterprise BRMS Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat: three DIGEST authentication implementation issues", }, { cve: "CVE-2012-5887", discovery_date: "2012-11-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873664", }, ], notes: [ { category: "description", text: "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: three DIGEST authentication implementation issues", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JBoss Enterprise BRMS Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5887", }, { category: "external", summary: "RHBZ#873664", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873664", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5887", url: "https://www.cve.org/CVERecord?id=CVE-2012-5887", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5887", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5887", }, ], release_date: "2012-11-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-07-01T15:10:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss BRMS installation (including its databases,\napplications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss BRMS server by\nstopping the JBoss Application Server process before installing this\nupdate, and then after installing the update, restart the Red Hat JBoss\nBRMS server by starting the JBoss Application Server process.", product_ids: [ "JBoss Enterprise BRMS Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1006", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "JBoss Enterprise BRMS Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat: three DIGEST authentication implementation issues", }, ], }
rhsa-2023_3954
Vulnerability from csaf_redhat
Published
2023-06-29 20:07
Modified
2024-12-17 22:56
Summary
Red Hat Security Advisory: Red Hat Fuse 7.12 release and security update
Notes
Topic
A minor version update (from 7.11 to 7.12) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat Fuse 7.12 serves as a replacement for Red Hat Fuse 7.11 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.
Security Fix(es):
* hazelcast: Hazelcast connection caching (CVE-2022-36437)
* spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security (CVE-2022-31692)
* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)
* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)
* Apache CXF: SSRF Vulnerability (CVE-2022-46364)
* Undertow: Infinite loop in SslConduit during close (CVE-2023-1108)
* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)
* jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name (CVE-2012-5783)
* apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)
* undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* batik: Server-Side Request Forgery (CVE-2022-38398)
* batik: Server-Side Request Forgery (CVE-2022-38648)
* batik: Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-40146)
* batik: Apache XML Graphics Batik vulnerable to code execution via SVG (CVE-2022-41704)
* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)
* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)
* engine.io: Specially crafted HTTP request can trigger an uncaught exception (CVE-2022-41940)
* postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions (CVE-2022-41946)
* batik: Untrusted code execution in Apache XML Graphics Batik (CVE-2022-42890)
* Apache CXF: directory listing / code exfiltration (CVE-2022-46363)
* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)
* shiro: Authentication bypass through a specially crafted HTTP request (CVE-2023-22602)
* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)
* tomcat: JsonErrorReportValve injection (CVE-2022-45143)
For more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A minor version update (from 7.11 to 7.12) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release of Red Hat Fuse 7.12 serves as a replacement for Red Hat Fuse 7.11 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.\n\nSecurity Fix(es):\n\n* hazelcast: Hazelcast connection caching (CVE-2022-36437)\n\n* spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security (CVE-2022-31692)\n\n* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)\n\n* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)\n\n* Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\n* Undertow: Infinite loop in SslConduit during close (CVE-2023-1108)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)\n\n* jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name (CVE-2012-5783)\n\n* apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)\n\n* undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* batik: Server-Side Request Forgery (CVE-2022-38398)\n\n* batik: Server-Side Request Forgery (CVE-2022-38648)\n\n* batik: Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-40146)\n\n* batik: Apache XML Graphics Batik vulnerable to code execution via SVG (CVE-2022-41704)\n\n* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)\n\n* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)\n\n* engine.io: Specially crafted HTTP request can trigger an uncaught exception (CVE-2022-41940)\n\n* postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions (CVE-2022-41946)\n\n* batik: Untrusted code execution in Apache XML Graphics Batik (CVE-2022-42890)\n\n* Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n\n* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)\n\n* shiro: Authentication bypass through a specially crafted HTTP request (CVE-2023-22602)\n\n* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)\n\n* tomcat: JsonErrorReportValve injection (CVE-2022-45143)\n\nFor more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:3954", url: "https://access.redhat.com/errata/RHSA-2023:3954", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#critical", url: "https://access.redhat.com/security/updates/classification/#critical", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.12.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.12.0", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.12/", url: "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.12/", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "1886587", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1886587", }, { category: "external", summary: "2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "2142707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2142707", }, { category: "external", summary: "2144970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2144970", }, { category: "external", summary: "2151988", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2151988", }, { category: "external", summary: "2153260", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153260", }, { category: "external", summary: "2153379", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153379", }, { category: "external", summary: "2153399", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153399", }, { category: "external", summary: "2155291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155291", }, { category: "external", summary: "2155292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155292", }, { category: "external", summary: "2155295", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155295", }, { category: "external", summary: "2155681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155681", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2158695", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2158695", }, { category: "external", summary: "2162053", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2162053", }, { category: "external", summary: "2162206", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2162206", }, { category: "external", summary: "2170431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2170431", }, { category: "external", summary: "2174246", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2174246", }, { category: "external", summary: "2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "2180530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180530", }, { category: "external", summary: "2182182", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182182", }, { category: "external", summary: "2182183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182183", }, { category: "external", summary: "2182198", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182198", }, { category: "external", summary: "2188542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188542", }, { category: "external", summary: "2209342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209342", }, { category: "external", summary: "2215465", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2215465", }, { category: "external", summary: "ENTESB-20598", url: "https://issues.redhat.com/browse/ENTESB-20598", }, { category: "external", summary: "ENTESB-21418", url: "https://issues.redhat.com/browse/ENTESB-21418", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3954.json", }, ], title: "Red Hat Security Advisory: Red Hat Fuse 7.12 release and security update", tracking: { current_release_date: "2024-12-17T22:56:32+00:00", generator: { date: "2024-12-17T22:56:32+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2023:3954", initial_release_date: "2023-06-29T20:07:23+00:00", revision_history: [ { date: "2023-06-29T20:07:23+00:00", number: "1", summary: "Initial version", }, { date: "2023-06-29T20:07:23+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-17T22:56:32+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Fuse 7.12", product: { name: "Red Hat Fuse 7.12", product_id: "Red Hat Fuse 7.12", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_fuse:7", }, }, }, ], category: "product_family", name: "Red Hat JBoss Fuse", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, { cve: "CVE-2020-13956", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2020-10-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1886587", }, ], notes: [ { category: "description", text: "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", title: "Vulnerability description", }, { category: "summary", text: "apache-httpclient: incorrect handling of malformed authority component in request URIs", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the affected components are behind OpenShift OAuth authentication. This restricts access to the vulnerable httpclient library to authenticated users only. Additionally the vulnerable httpclient library is not used directly in OCP components, therefore the impact by this vulnerability is Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\nIn the Red Hat Enterprise Linux platforms, Maven 35 and 36 are affected via their respective `httpcomponents-client` component.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-13956", }, { category: "external", summary: "RHBZ#1886587", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1886587", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-13956", url: "https://www.cve.org/CVERecord?id=CVE-2020-13956", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-13956", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-13956", }, { category: "external", summary: "https://www.openwall.com/lists/oss-security/2020/10/08/4", url: "https://www.openwall.com/lists/oss-security/2020/10/08/4", }, ], release_date: "2020-10-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-httpclient: incorrect handling of malformed authority component in request URIs", }, { cve: "CVE-2022-4492", cwe: { id: "CWE-550", name: "Server-generated Error Message Containing Sensitive Information", }, discovery_date: "2022-12-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2153260", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Server identity in https connection is not checked by the undertow client", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-4492", }, { category: "external", summary: "RHBZ#2153260", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153260", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-4492", url: "https://www.cve.org/CVERecord?id=CVE-2022-4492", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-4492", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-4492", }, ], release_date: "2022-12-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: Server identity in https connection is not checked by the undertow client", }, { cve: "CVE-2022-24785", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-04-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2072009", }, ], notes: [ { category: "description", text: "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", title: "Vulnerability description", }, { category: "summary", text: "Moment.js: Path traversal in moment.locale", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24785", }, { category: "external", summary: "RHBZ#2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24785", url: "https://www.cve.org/CVERecord?id=CVE-2022-24785", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", }, { category: "external", summary: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", url: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", }, ], release_date: "2022-04-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, { category: "workaround", details: "Sanitize the user-provided locale name before passing it to Moment.js.", product_ids: [ "Red Hat Fuse 7.12", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Moment.js: Path traversal in moment.locale", }, { cve: "CVE-2022-31692", cwe: { id: "CWE-863", name: "Incorrect Authorization", }, discovery_date: "2023-01-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2162206", }, ], notes: [ { category: "description", text: "A flaw was found in the spring-security framework. Spring Security could allow a remote attacker to bypass security restrictions caused by an issue when using forward or include dispatcher types. By sending a specially-crafted request, an attacker can bypass authorization rules.", title: "Vulnerability description", }, { category: "summary", text: "spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-31692", }, { category: "external", summary: "RHBZ#2162206", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2162206", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-31692", url: "https://www.cve.org/CVERecord?id=CVE-2022-31692", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-31692", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-31692", }, { category: "external", summary: "https://spring.io/security/cve-2022-31692", url: "https://spring.io/security/cve-2022-31692", }, ], release_date: "2022-10-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security", }, { cve: "CVE-2022-36437", cwe: { id: "CWE-384", name: "Session Fixation", }, discovery_date: "2023-01-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2162053", }, ], notes: [ { category: "description", text: "A flaw was found in Hazelcast and Hazelcast Jet. This flaw may allow an attacker unauthenticated access to manipulate data in the cluster.", title: "Vulnerability description", }, { category: "summary", text: "hazelcast: Hazelcast connection caching", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration - Camel Quarkus Extensions: Hazelcast is contained in camel-quarkus-hazelcast but it does not affect any supported component. This package is community support only. Hence the low impact for Camel Quarkus Extension.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-36437", }, { category: "external", summary: "RHBZ#2162053", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2162053", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-36437", url: "https://www.cve.org/CVERecord?id=CVE-2022-36437", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-36437", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-36437", }, { category: "external", summary: "https://github.com/hazelcast/hazelcast/security/advisories/GHSA-c5hg-mr8r-f6jp", url: "https://github.com/hazelcast/hazelcast/security/advisories/GHSA-c5hg-mr8r-f6jp", }, ], release_date: "2022-12-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "hazelcast: Hazelcast connection caching", }, { cve: "CVE-2022-38398", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155292", }, ], notes: [ { category: "description", text: "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.", title: "Vulnerability description", }, { category: "summary", text: "batik: Server-Side Request Forgery", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38398", }, { category: "external", summary: "RHBZ#2155292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155292", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38398", url: "https://www.cve.org/CVERecord?id=CVE-2022-38398", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38398", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38398", }, { category: "external", summary: "http://svn.apache.org/viewvc?view=revision&revision=1903462", url: "http://svn.apache.org/viewvc?view=revision&revision=1903462", }, { category: "external", summary: "https://issues.apache.org/jira/browse/BATIK-1331", url: "https://issues.apache.org/jira/browse/BATIK-1331", }, { category: "external", summary: "https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx", url: "https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx", }, ], release_date: "2022-09-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "batik: Server-Side Request Forgery", }, { cve: "CVE-2022-38648", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155295", }, ], notes: [ { category: "description", text: "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.", title: "Vulnerability description", }, { category: "summary", text: "batik: Server-Side Request Forgery", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38648", }, { category: "external", summary: "RHBZ#2155295", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155295", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38648", url: "https://www.cve.org/CVERecord?id=CVE-2022-38648", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38648", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38648", }, { category: "external", summary: "http://svn.apache.org/viewvc?view=revision&revision=1903625", url: "http://svn.apache.org/viewvc?view=revision&revision=1903625", }, { category: "external", summary: "https://issues.apache.org/jira/browse/BATIK-1333", url: "https://issues.apache.org/jira/browse/BATIK-1333", }, { category: "external", summary: "https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b", url: "https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b", }, ], release_date: "2022-09-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "batik: Server-Side Request Forgery", }, { cve: "CVE-2022-40146", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155291", }, ], notes: [ { category: "description", text: "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.", title: "Vulnerability description", }, { category: "summary", text: "batik: Server-Side Request Forgery (SSRF) vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40146", }, { category: "external", summary: "RHBZ#2155291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155291", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40146", url: "https://www.cve.org/CVERecord?id=CVE-2022-40146", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40146", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40146", }, { category: "external", summary: "http://svn.apache.org/viewvc?view=revision&revision=1903910", url: "http://svn.apache.org/viewvc?view=revision&revision=1903910", }, { category: "external", summary: "https://issues.apache.org/jira/browse/BATIK-1335", url: "https://issues.apache.org/jira/browse/BATIK-1335", }, { category: "external", summary: "https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx", url: "https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx", }, ], release_date: "2022-09-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "batik: Server-Side Request Forgery (SSRF) vulnerability", }, { cve: "CVE-2022-41704", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2023-03-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182182", }, ], notes: [ { category: "description", text: "A flaw was found in Batik. This issue may allow a malicious user to run untrusted Java code from an SVG.", title: "Vulnerability description", }, { category: "summary", text: "batik: Apache XML Graphics Batik vulnerable to code execution via SVG", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41704", }, { category: "external", summary: "RHBZ#2182182", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182182", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41704", url: "https://www.cve.org/CVERecord?id=CVE-2022-41704", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41704", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41704", }, ], release_date: "2022-10-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "batik: Apache XML Graphics Batik vulnerable to code execution via SVG", }, { cve: "CVE-2022-41854", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2151988", }, ], notes: [ { category: "description", text: "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "dev-java/snakeyaml: DoS via stack overflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41854", }, { category: "external", summary: "RHBZ#2151988", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2151988", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41854", url: "https://www.cve.org/CVERecord?id=CVE-2022-41854", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41854", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41854", }, { category: "external", summary: "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355", url: "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355", }, { category: "external", summary: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355", url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355", }, ], release_date: "2022-11-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "dev-java/snakeyaml: DoS via stack overflow", }, { cve: "CVE-2022-41881", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2022-12-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2153379", }, ], notes: [ { category: "description", text: "A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41881", }, { category: "external", summary: "RHBZ#2153379", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153379", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41881", url: "https://www.cve.org/CVERecord?id=CVE-2022-41881", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41881", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41881", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS", }, { cve: "CVE-2022-41940", cwe: { id: "CWE-248", name: "Uncaught Exception", }, discovery_date: "2022-11-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2144970", }, ], notes: [ { category: "description", text: "A flaw was found in engine.io. The Socket.IO Engine.IO is vulnerable to a denial of service caused by an uncaught exception flaw. By sending a specially-crafted HTTP request, a remote, authenticated attacker can cause the Node.js process to crash, resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "engine.io: Specially crafted HTTP request can trigger an uncaught exception", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41940", }, { category: "external", summary: "RHBZ#2144970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2144970", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41940", url: "https://www.cve.org/CVERecord?id=CVE-2022-41940", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41940", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41940", }, ], release_date: "2022-11-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "engine.io: Specially crafted HTTP request can trigger an uncaught exception", }, { cve: "CVE-2022-41946", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2022-12-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2153399", }, ], notes: [ { category: "description", text: "A flaw was found in org.postgresql. This issue allows the creation of a temporary file when using PreparedStatement.setText(int, InputStream) and PreparedStatemet.setBytea(int, InputStream). This could allow a user to create an unexpected file available to all users, which could end in unexpected behavior.", title: "Vulnerability description", }, { category: "summary", text: "postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite ships a PostgreSQL JDBC Driver for Hibernate ORM framework, which is embeds into Candlepin. Although Candlepin itself doesn't make direct use of the PreparedStatement methods from the PostgreSQL JDBC Driver, Hibernate ORM does utilize these methods, potentially making framework affected. Satellite server operating in an environment with untrusted users while the driver is running are vulnerable to the flaw, however, deployments without untrusted users are considered safe. A future Satellite update should address this issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41946", }, { category: "external", summary: "RHBZ#2153399", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153399", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41946", url: "https://www.cve.org/CVERecord?id=CVE-2022-41946", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41946", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41946", }, ], release_date: "2022-11-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions", }, { cve: "CVE-2022-41966", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2023-02-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2170431", }, ], notes: [ { category: "description", text: "A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.", title: "Vulnerability description", }, { category: "summary", text: "xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse 7 ships an affected version of XStream. No endpoint in any flavor of Fuse is accepting by default an unverified input stream passed directly to XStream unmarshaller. Documentation always recommend all the endpoints (TCP/UDP/HTTP(S)/other listeners) to have at least one layer of authentication/authorization and Fuse in general itself in particular has a lot of mechanisms to protect the endpoints.\n\nRed Hat Single Sign-On contains XStream as a transitive dependency from Infinispan and the same is not affected as NO_REFERENCE is in use.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41966", }, { category: "external", summary: "RHBZ#2170431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2170431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41966", url: "https://www.cve.org/CVERecord?id=CVE-2022-41966", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41966", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41966", }, { category: "external", summary: "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv", url: "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv", }, ], release_date: "2022-12-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow", }, { cve: "CVE-2022-42890", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2023-03-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182183", }, ], notes: [ { category: "description", text: "A flaw was found in Batik of Apache XML Graphics. This issue may allow a malicious user to run Java code from untrusted SVG via JavaScript.", title: "Vulnerability description", }, { category: "summary", text: "batik: Untrusted code execution in Apache XML Graphics Batik", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42890", }, { category: "external", summary: "RHBZ#2182183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182183", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42890", url: "https://www.cve.org/CVERecord?id=CVE-2022-42890", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42890", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42890", }, ], release_date: "2022-10-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "batik: Untrusted code execution in Apache XML Graphics Batik", }, { cve: "CVE-2022-42920", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-11-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2142707", }, ], notes: [ { category: "description", text: "An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.", title: "Vulnerability description", }, { category: "summary", text: "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing", title: "Vulnerability summary", }, { category: "other", text: "Fuse 7 ships the code in question but does not utilize it in the product, so it is affected at a reduced impact of Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42920", }, { category: "external", summary: "RHBZ#2142707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2142707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42920", url: "https://www.cve.org/CVERecord?id=CVE-2022-42920", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42920", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42920", }, { category: "external", summary: "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4", url: "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4", }, ], release_date: "2022-11-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing", }, { cve: "CVE-2022-45143", cwe: { id: "CWE-74", name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", }, discovery_date: "2023-01-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2158695", }, ], notes: [ { category: "description", text: "A flaw was found in the Tomcat package. This flaw allowed users to input an invalid JSON structure, causing unwanted behavior as it did not escape the type, message, or description values.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: JsonErrorReportValve injection", title: "Vulnerability summary", }, { category: "other", text: "Although it may be rated as CVSS 7.5, it's still considered a low impact flaw as according to the advisory report from Apache, user controlled data may occur in specific cases only and may alter some specific fields only.\n\nRed Hat Satellite does not include the affected Apache Tomcat, however, Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45143", }, { category: "external", summary: "RHBZ#2158695", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2158695", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45143", url: "https://www.cve.org/CVERecord?id=CVE-2022-45143", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45143", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45143", }, { category: "external", summary: "https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj", url: "https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj", }, ], release_date: "2023-01-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: JsonErrorReportValve injection", }, { cve: "CVE-2022-46363", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155681", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.", title: "Vulnerability description", }, { category: "summary", text: "CXF: directory listing / code exfiltration", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46363", }, { category: "external", summary: "RHBZ#2155681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155681", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46363", url: "https://www.cve.org/CVERecord?id=CVE-2022-46363", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", }, { category: "external", summary: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", url: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "CXF: directory listing / code exfiltration", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, { cve: "CVE-2023-1108", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2023-02-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2174246", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.", title: "Vulnerability description", }, { category: "summary", text: "Undertow: Infinite loop in SslConduit during close", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1108", }, { category: "external", summary: "RHBZ#2174246", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2174246", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1108", url: "https://www.cve.org/CVERecord?id=CVE-2023-1108", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1108", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1108", }, { category: "external", summary: "https://github.com/advisories/GHSA-m4mm-pg93-fv78", url: "https://github.com/advisories/GHSA-m4mm-pg93-fv78", }, ], release_date: "2023-03-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Undertow: Infinite loop in SslConduit during close", }, { cve: "CVE-2023-1370", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-04-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2188542", }, ], notes: [ { category: "description", text: "A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.", title: "Vulnerability description", }, { category: "summary", text: "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1370", }, { category: "external", summary: "RHBZ#2188542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188542", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1370", url: "https://www.cve.org/CVERecord?id=CVE-2023-1370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", }, { category: "external", summary: "https://github.com/advisories/GHSA-493p-pfq6-5258", url: "https://github.com/advisories/GHSA-493p-pfq6-5258", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", url: "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", }, { cve: "CVE-2023-20860", cwe: { id: "CWE-155", name: "Improper Neutralization of Wildcards or Matching Symbols", }, discovery_date: "2023-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180528", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.", title: "Vulnerability description", }, { category: "summary", text: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20860", }, { category: "external", summary: "RHBZ#2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20860", url: "https://www.cve.org/CVERecord?id=CVE-2023-20860", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", }, { category: "external", summary: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", url: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", }, { cve: "CVE-2023-20861", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180530", }, ], notes: [ { category: "description", text: "A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "springframework: Spring Expression DoS Vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20861", }, { category: "external", summary: "RHBZ#2180530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180530", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20861", url: "https://www.cve.org/CVERecord?id=CVE-2023-20861", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", }, { category: "external", summary: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", url: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "springframework: Spring Expression DoS Vulnerability", }, { cve: "CVE-2023-20883", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-05-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209342", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed behind a proxy that caches 404 responses. This issue may cause a denial of service (DoS) attack.", title: "Vulnerability description", }, { category: "summary", text: "spring-boot: Spring Boot Welcome Page DoS Vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20883", }, { category: "external", summary: "RHBZ#2209342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209342", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20883", url: "https://www.cve.org/CVERecord?id=CVE-2023-20883", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20883", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20883", }, ], release_date: "2023-05-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "spring-boot: Spring Boot Welcome Page DoS Vulnerability", }, { cve: "CVE-2023-22602", cwe: { id: "CWE-436", name: "Interpretation Conflict", }, discovery_date: "2023-03-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182198", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Shiro. This issue may allow a malicious user to send a specially crafted HTTP request that could cause an authentication bypass.", title: "Vulnerability description", }, { category: "summary", text: "shiro: Authentication bypass through a specially crafted HTTP request", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-22602", }, { category: "external", summary: "RHBZ#2182198", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182198", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-22602", url: "https://www.cve.org/CVERecord?id=CVE-2023-22602", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-22602", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-22602", }, ], release_date: "2023-01-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "shiro: Authentication bypass through a specially crafted HTTP request", }, { cve: "CVE-2023-33201", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2023-06-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2215465", }, ], notes: [ { category: "description", text: "A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.", title: "Vulnerability description", }, { category: "summary", text: "bouncycastle: potential blind LDAP injection attack using a self-signed certificate", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-33201", }, { category: "external", summary: "RHBZ#2215465", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2215465", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-33201", url: "https://www.cve.org/CVERecord?id=CVE-2023-33201", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-33201", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-33201", }, { category: "external", summary: "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201", url: "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201", }, ], release_date: "2023-06-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "bouncycastle: potential blind LDAP injection attack using a self-signed certificate", }, ], }
rhsa-2014:0224
Vulnerability from csaf_redhat
Published
2014-02-27 18:33
Modified
2024-11-14 12:15
Summary
Red Hat Security Advisory: redhat-support-plugin-rhev security update
Notes
Topic
An updated redhat-support-plugin-rhev package that fixes one security issue
is now available.
The Red Hat Security Response Team has rated this update as having Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Details
The Red Hat Support plug-in for Red Hat Enterprise Virtualization is a new
feature which offers seamless integrated access to Red Hat Access services
from the Red Hat Enterprise Virtualization Administration Portal. The
plug-in provides automated functionality that enables quicker help,
answers, and proactive services. It offers easy and instant access to Red
Hat exclusive knowledge, resources, engagement, and diagnostic features.
Detailed information about this plug-in can be found in the Red Hat
Customer Portal at https://access.redhat.com/site/articles/425603
The Jakarta Commons HttpClient component did not verify that the server
hostname matched the domain name in the subject's Common Name (CN) or
subjectAltName field in X.509 certificates. This could allow a
man-in-the-middle attacker to spoof an SSL server if they had a certificate
that was valid for any domain name. (CVE-2012-5783)
All users of the Red Hat Support plug-in on Red Hat Enterprise
Virtualization Manager are advised to install this updated package, which
fixes this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An updated redhat-support-plugin-rhev package that fixes one security issue\nis now available.\n\nThe Red Hat Security Response Team has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.", title: "Topic", }, { category: "general", text: "The Red Hat Support plug-in for Red Hat Enterprise Virtualization is a new\nfeature which offers seamless integrated access to Red Hat Access services\nfrom the Red Hat Enterprise Virtualization Administration Portal. The\nplug-in provides automated functionality that enables quicker help,\nanswers, and proactive services. It offers easy and instant access to Red\nHat exclusive knowledge, resources, engagement, and diagnostic features.\n\nDetailed information about this plug-in can be found in the Red Hat\nCustomer Portal at https://access.redhat.com/site/articles/425603\n\nThe Jakarta Commons HttpClient component did not verify that the server\nhostname matched the domain name in the subject's Common Name (CN) or\nsubjectAltName field in X.509 certificates. This could allow a\nman-in-the-middle attacker to spoof an SSL server if they had a certificate\nthat was valid for any domain name. (CVE-2012-5783)\n\nAll users of the Red Hat Support plug-in on Red Hat Enterprise\nVirtualization Manager are advised to install this updated package, which\nfixes this issue.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2014:0224", url: "https://access.redhat.com/errata/RHSA-2014:0224", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/site/articles/425603", url: "https://access.redhat.com/site/articles/425603", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0224.json", }, ], title: "Red Hat Security Advisory: redhat-support-plugin-rhev security update", tracking: { current_release_date: "2024-11-14T12:15:48+00:00", generator: { date: "2024-11-14T12:15:48+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.0", }, }, id: "RHSA-2014:0224", initial_release_date: "2014-02-27T18:33:22+00:00", revision_history: [ { date: "2014-02-27T18:33:22+00:00", number: "1", summary: "Initial version", }, { date: "2014-02-27T18:33:22+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-14T12:15:48+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHEV-M 3.3", product: { name: "RHEV-M 3.3", product_id: "6Server-RHEV-S-3.3", product_identification_helper: { cpe: "cpe:/a:redhat:rhev_manager:3", }, }, }, ], category: "product_family", name: "Red Hat Virtualization", }, { branches: [ { category: "product_version", name: "redhat-support-plugin-rhev-0:3.3.0-14.el6ev.noarch", product: { name: "redhat-support-plugin-rhev-0:3.3.0-14.el6ev.noarch", product_id: "redhat-support-plugin-rhev-0:3.3.0-14.el6ev.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/redhat-support-plugin-rhev@3.3.0-14.el6ev?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "redhat-support-plugin-rhev-0:3.3.0-14.el6ev.src", product: { name: "redhat-support-plugin-rhev-0:3.3.0-14.el6ev.src", product_id: "redhat-support-plugin-rhev-0:3.3.0-14.el6ev.src", product_identification_helper: { purl: "pkg:rpm/redhat/redhat-support-plugin-rhev@3.3.0-14.el6ev?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "redhat-support-plugin-rhev-0:3.3.0-14.el6ev.noarch as a component of RHEV-M 3.3", product_id: "6Server-RHEV-S-3.3:redhat-support-plugin-rhev-0:3.3.0-14.el6ev.noarch", }, product_reference: "redhat-support-plugin-rhev-0:3.3.0-14.el6ev.noarch", relates_to_product_reference: "6Server-RHEV-S-3.3", }, { category: "default_component_of", full_product_name: { name: "redhat-support-plugin-rhev-0:3.3.0-14.el6ev.src as a component of RHEV-M 3.3", product_id: "6Server-RHEV-S-3.3:redhat-support-plugin-rhev-0:3.3.0-14.el6ev.src", }, product_reference: "redhat-support-plugin-rhev-0:3.3.0-14.el6ev.src", relates_to_product_reference: "6Server-RHEV-S-3.3", }, ], }, vulnerabilities: [ { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHEV-S-3.3:redhat-support-plugin-rhev-0:3.3.0-14.el6ev.noarch", "6Server-RHEV-S-3.3:redhat-support-plugin-rhev-0:3.3.0-14.el6ev.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-02-27T18:33:22+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", product_ids: [ "6Server-RHEV-S-3.3:redhat-support-plugin-rhev-0:3.3.0-14.el6ev.noarch", "6Server-RHEV-S-3.3:redhat-support-plugin-rhev-0:3.3.0-14.el6ev.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0224", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "6Server-RHEV-S-3.3:redhat-support-plugin-rhev-0:3.3.0-14.el6ev.noarch", "6Server-RHEV-S-3.3:redhat-support-plugin-rhev-0:3.3.0-14.el6ev.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, ], }
RHSA-2013:1853
Vulnerability from csaf_redhat
Published
2013-12-17 18:30
Modified
2024-11-22 07:09
Summary
Red Hat Security Advisory: Red Hat JBoss Operations Network 3.2.0 update
Notes
Topic
Red Hat JBoss Operations Network 3.2.0, which fixes multiple security
issues and several bugs, is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Details
Red Hat JBoss Operations Network is a middleware management solution that
provides a single point of control to deploy, manage, and monitor JBoss
Enterprise Middleware, applications, and services.
This JBoss Operations Network 3.2.0 release serves as a replacement for
JBoss Operations Network 3.1.2, and includes several bug fixes. Refer to
the JBoss Operations Network 3.2.0 Release Notes for information on the
most significant of these changes. The Release Notes will be available
shortly from https://access.redhat.com/site/documentation/
The following security issues are also fixed with this release:
It was found that sending a request without a session identifier to a
protected resource could bypass the Cross-Site Request Forgery (CSRF)
prevention filter. A remote attacker could use this flaw to perform CSRF
attacks against applications that rely on the CSRF prevention filter and do
not contain internal mitigation for CSRF. (CVE-2012-4431)
The Jakarta Commons HttpClient component did not verify that the server
hostname matched the domain name in the subject's Common Name (CN) or
subjectAltName field in X.509 certificates. This could allow a
man-in-the-middle attacker to spoof an SSL server if they had a certificate
that was valid for any domain name. (CVE-2012-5783)
A flaw was found in the way Apache Santuario XML Security for Java
validated XML signatures. Santuario allowed a signature to specify an
arbitrary canonicalization algorithm, which would be applied to the
SignedInfo XML fragment. A remote attacker could exploit this to spoof an
XML signature via a specially crafted XML signature block. (CVE-2013-2172)
Warning: Before applying the update, back up your existing JBoss Operations
Network installation (including its databases, applications, configuration
files, the JBoss Operations Network server's file system directory, and so
on).
All users of JBoss Operations Network 3.1.2 as provided from the Red Hat
Customer Portal are advised to upgrade to JBoss Operations Network 3.2.0.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Operations Network 3.2.0, which fixes multiple security\nissues and several bugs, is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Operations Network is a middleware management solution that\nprovides a single point of control to deploy, manage, and monitor JBoss\nEnterprise Middleware, applications, and services.\n\nThis JBoss Operations Network 3.2.0 release serves as a replacement for\nJBoss Operations Network 3.1.2, and includes several bug fixes. Refer to\nthe JBoss Operations Network 3.2.0 Release Notes for information on the\nmost significant of these changes. The Release Notes will be available\nshortly from https://access.redhat.com/site/documentation/\n\nThe following security issues are also fixed with this release:\n\nIt was found that sending a request without a session identifier to a\nprotected resource could bypass the Cross-Site Request Forgery (CSRF)\nprevention filter. A remote attacker could use this flaw to perform CSRF\nattacks against applications that rely on the CSRF prevention filter and do\nnot contain internal mitigation for CSRF. (CVE-2012-4431)\n\nThe Jakarta Commons HttpClient component did not verify that the server\nhostname matched the domain name in the subject's Common Name (CN) or\nsubjectAltName field in X.509 certificates. This could allow a\nman-in-the-middle attacker to spoof an SSL server if they had a certificate\nthat was valid for any domain name. (CVE-2012-5783)\n\nA flaw was found in the way Apache Santuario XML Security for Java\nvalidated XML signatures. Santuario allowed a signature to specify an\narbitrary canonicalization algorithm, which would be applied to the\nSignedInfo XML fragment. A remote attacker could exploit this to spoof an\nXML signature via a specially crafted XML signature block. (CVE-2013-2172)\n\nWarning: Before applying the update, back up your existing JBoss Operations\nNetwork installation (including its databases, applications, configuration\nfiles, the JBoss Operations Network server's file system directory, and so\non).\n\nAll users of JBoss Operations Network 3.1.2 as provided from the Red Hat\nCustomer Portal are advised to upgrade to JBoss Operations Network 3.2.0.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2013:1853", url: "https://access.redhat.com/errata/RHSA-2013:1853", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=em&version=3.2.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=em&version=3.2.0", }, { category: "external", summary: "https://access.redhat.com/site/documentation/Red_Hat_JBoss_Operations_Network/", url: "https://access.redhat.com/site/documentation/Red_Hat_JBoss_Operations_Network/", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "883636", url: "https://bugzilla.redhat.com/show_bug.cgi?id=883636", }, { category: "external", summary: "999263", url: "https://bugzilla.redhat.com/show_bug.cgi?id=999263", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_1853.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Operations Network 3.2.0 update", tracking: { current_release_date: "2024-11-22T07:09:01+00:00", generator: { date: "2024-11-22T07:09:01+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2013:1853", initial_release_date: "2013-12-17T18:30:00+00:00", revision_history: [ { date: "2013-12-17T18:30:00+00:00", number: "1", summary: "Initial version", }, { date: "2019-02-20T12:45:41+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T07:09:01+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Operations Network 3.2", product: { name: "Red Hat JBoss Operations Network 3.2", product_id: "Red Hat JBoss Operations Network 3.2", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_operations_network:3.2.0", }, }, }, ], category: "product_family", name: "Red Hat JBoss Operations Network", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2012-4431", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2012-12-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "883636", }, ], notes: [ { category: "description", text: "org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.", title: "Vulnerability description", }, { category: "summary", text: "Tomcat/JBoss Web - Bypass of CSRF prevention filter", title: "Vulnerability summary", }, { category: "other", text: "This issue did not affect the versions of tomcat5 as shipped with Red Hat Enterprise Linux 5 and tomcat6 as shipped with Red Hat Enterprise Linux 6 as they did not include the CSRF prevention filter.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Operations Network 3.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-4431", }, { category: "external", summary: "RHBZ#883636", url: "https://bugzilla.redhat.com/show_bug.cgi?id=883636", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-4431", url: "https://www.cve.org/CVERecord?id=CVE-2012-4431", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-4431", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-4431", }, { category: "external", summary: "http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.36", url: "http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.36", }, { category: "external", summary: "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.32", url: "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.32", }, ], release_date: "2012-12-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-12-17T18:30:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Operations Network installation (including its databases,\napplications, configuration files, the JBoss Operations Network server's\nfile system directory, and so on).\n\nRefer to the JBoss Operations Network 3.2.0 Release Notes for\ninstallation information.", product_ids: [ "Red Hat JBoss Operations Network 3.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1853", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "Red Hat JBoss Operations Network 3.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Tomcat/JBoss Web - Bypass of CSRF prevention filter", }, { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Operations Network 3.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-12-17T18:30:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Operations Network installation (including its databases,\napplications, configuration files, the JBoss Operations Network server's\nfile system directory, and so on).\n\nRefer to the JBoss Operations Network 3.2.0 Release Notes for\ninstallation information.", product_ids: [ "Red Hat JBoss Operations Network 3.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1853", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Operations Network 3.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, { cve: "CVE-2013-2172", cwe: { id: "CWE-290", name: "Authentication Bypass by Spoofing", }, discovery_date: "2013-08-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "999263", }, ], notes: [ { category: "description", text: "A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially crafted XML signature block.", title: "Vulnerability description", }, { category: "summary", text: "Java: XML signature spoofing", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Operations Network 3.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-2172", }, { category: "external", summary: "RHBZ#999263", url: "https://bugzilla.redhat.com/show_bug.cgi?id=999263", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-2172", url: "https://www.cve.org/CVERecord?id=CVE-2013-2172", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-2172", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-2172", }, { category: "external", summary: "http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc", url: "http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc", }, ], release_date: "2013-06-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-12-17T18:30:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Operations Network installation (including its databases,\napplications, configuration files, the JBoss Operations Network server's\nfile system directory, and so on).\n\nRefer to the JBoss Operations Network 3.2.0 Release Notes for\ninstallation information.", product_ids: [ "Red Hat JBoss Operations Network 3.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1853", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, products: [ "Red Hat JBoss Operations Network 3.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Java: XML signature spoofing", }, ], }
RHSA-2023:3954
Vulnerability from csaf_redhat
Published
2023-06-29 20:07
Modified
2025-03-16 06:49
Summary
Red Hat Security Advisory: Red Hat Fuse 7.12 release and security update
Notes
Topic
A minor version update (from 7.11 to 7.12) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat Fuse 7.12 serves as a replacement for Red Hat Fuse 7.11 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.
Security Fix(es):
* hazelcast: Hazelcast connection caching (CVE-2022-36437)
* spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security (CVE-2022-31692)
* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)
* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)
* Apache CXF: SSRF Vulnerability (CVE-2022-46364)
* Undertow: Infinite loop in SslConduit during close (CVE-2023-1108)
* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)
* jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name (CVE-2012-5783)
* apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)
* undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* batik: Server-Side Request Forgery (CVE-2022-38398)
* batik: Server-Side Request Forgery (CVE-2022-38648)
* batik: Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-40146)
* batik: Apache XML Graphics Batik vulnerable to code execution via SVG (CVE-2022-41704)
* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)
* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)
* engine.io: Specially crafted HTTP request can trigger an uncaught exception (CVE-2022-41940)
* postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions (CVE-2022-41946)
* batik: Untrusted code execution in Apache XML Graphics Batik (CVE-2022-42890)
* Apache CXF: directory listing / code exfiltration (CVE-2022-46363)
* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)
* shiro: Authentication bypass through a specially crafted HTTP request (CVE-2023-22602)
* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)
* tomcat: JsonErrorReportValve injection (CVE-2022-45143)
For more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A minor version update (from 7.11 to 7.12) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release of Red Hat Fuse 7.12 serves as a replacement for Red Hat Fuse 7.11 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.\n\nSecurity Fix(es):\n\n* hazelcast: Hazelcast connection caching (CVE-2022-36437)\n\n* spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security (CVE-2022-31692)\n\n* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)\n\n* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)\n\n* Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\n* Undertow: Infinite loop in SslConduit during close (CVE-2023-1108)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)\n\n* jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name (CVE-2012-5783)\n\n* apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)\n\n* undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* batik: Server-Side Request Forgery (CVE-2022-38398)\n\n* batik: Server-Side Request Forgery (CVE-2022-38648)\n\n* batik: Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-40146)\n\n* batik: Apache XML Graphics Batik vulnerable to code execution via SVG (CVE-2022-41704)\n\n* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)\n\n* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)\n\n* engine.io: Specially crafted HTTP request can trigger an uncaught exception (CVE-2022-41940)\n\n* postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions (CVE-2022-41946)\n\n* batik: Untrusted code execution in Apache XML Graphics Batik (CVE-2022-42890)\n\n* Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n\n* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)\n\n* shiro: Authentication bypass through a specially crafted HTTP request (CVE-2023-22602)\n\n* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)\n\n* tomcat: JsonErrorReportValve injection (CVE-2022-45143)\n\nFor more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:3954", url: "https://access.redhat.com/errata/RHSA-2023:3954", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#critical", url: "https://access.redhat.com/security/updates/classification/#critical", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.12.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.12.0", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.12/", url: "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.12/", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "1886587", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1886587", }, { category: "external", summary: "2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "2142707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2142707", }, { category: "external", summary: "2144970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2144970", }, { category: "external", summary: "2151988", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2151988", }, { category: "external", summary: "2153260", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153260", }, { category: "external", summary: "2153379", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153379", }, { category: "external", summary: "2153399", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153399", }, { category: "external", summary: "2155291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155291", }, { category: "external", summary: "2155292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155292", }, { category: "external", summary: "2155295", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155295", }, { category: "external", summary: "2155681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155681", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2158695", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2158695", }, { category: "external", summary: "2162053", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2162053", }, { category: "external", summary: "2162206", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2162206", }, { category: "external", summary: "2170431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2170431", }, { category: "external", summary: "2174246", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2174246", }, { category: "external", summary: "2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "2180530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180530", }, { category: "external", summary: "2182182", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182182", }, { category: "external", summary: "2182183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182183", }, { category: "external", summary: "2182198", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182198", }, { category: "external", summary: "2188542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188542", }, { category: "external", summary: "2209342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209342", }, { category: "external", summary: "2215465", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2215465", }, { category: "external", summary: "ENTESB-20598", url: "https://issues.redhat.com/browse/ENTESB-20598", }, { category: "external", summary: "ENTESB-21418", url: "https://issues.redhat.com/browse/ENTESB-21418", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3954.json", }, ], title: "Red Hat Security Advisory: Red Hat Fuse 7.12 release and security update", tracking: { current_release_date: "2025-03-16T06:49:05+00:00", generator: { date: "2025-03-16T06:49:05+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:3954", initial_release_date: "2023-06-29T20:07:23+00:00", revision_history: [ { date: "2023-06-29T20:07:23+00:00", number: "1", summary: "Initial version", }, { date: "2023-06-29T20:07:23+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-16T06:49:05+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Fuse 7.12", product: { name: "Red Hat Fuse 7.12", product_id: "Red Hat Fuse 7.12", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_fuse:7", }, }, }, ], category: "product_family", name: "Red Hat JBoss Fuse", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, { cve: "CVE-2020-13956", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2020-10-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1886587", }, ], notes: [ { category: "description", text: "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", title: "Vulnerability description", }, { category: "summary", text: "apache-httpclient: incorrect handling of malformed authority component in request URIs", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the affected components are behind OpenShift OAuth authentication. This restricts access to the vulnerable httpclient library to authenticated users only. Additionally the vulnerable httpclient library is not used directly in OCP components, therefore the impact by this vulnerability is Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\nIn the Red Hat Enterprise Linux platforms, Maven 35 and 36 are affected via their respective `httpcomponents-client` component.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-13956", }, { category: "external", summary: "RHBZ#1886587", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1886587", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-13956", url: "https://www.cve.org/CVERecord?id=CVE-2020-13956", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-13956", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-13956", }, { category: "external", summary: "https://www.openwall.com/lists/oss-security/2020/10/08/4", url: "https://www.openwall.com/lists/oss-security/2020/10/08/4", }, ], release_date: "2020-10-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-httpclient: incorrect handling of malformed authority component in request URIs", }, { cve: "CVE-2022-4492", cwe: { id: "CWE-550", name: "Server-generated Error Message Containing Sensitive Information", }, discovery_date: "2022-12-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2153260", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Server identity in https connection is not checked by the undertow client", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-4492", }, { category: "external", summary: "RHBZ#2153260", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153260", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-4492", url: "https://www.cve.org/CVERecord?id=CVE-2022-4492", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-4492", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-4492", }, ], release_date: "2022-12-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: Server identity in https connection is not checked by the undertow client", }, { cve: "CVE-2022-24785", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-04-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2072009", }, ], notes: [ { category: "description", text: "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", title: "Vulnerability description", }, { category: "summary", text: "Moment.js: Path traversal in moment.locale", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24785", }, { category: "external", summary: "RHBZ#2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24785", url: "https://www.cve.org/CVERecord?id=CVE-2022-24785", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", }, { category: "external", summary: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", url: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", }, ], release_date: "2022-04-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, { category: "workaround", details: "Sanitize the user-provided locale name before passing it to Moment.js.", product_ids: [ "Red Hat Fuse 7.12", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Moment.js: Path traversal in moment.locale", }, { cve: "CVE-2022-31692", cwe: { id: "CWE-863", name: "Incorrect Authorization", }, discovery_date: "2023-01-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2162206", }, ], notes: [ { category: "description", text: "A flaw was found in the spring-security framework. Spring Security could allow a remote attacker to bypass security restrictions caused by an issue when using forward or include dispatcher types. By sending a specially-crafted request, an attacker can bypass authorization rules.", title: "Vulnerability description", }, { category: "summary", text: "spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-31692", }, { category: "external", summary: "RHBZ#2162206", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2162206", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-31692", url: "https://www.cve.org/CVERecord?id=CVE-2022-31692", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-31692", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-31692", }, { category: "external", summary: "https://spring.io/security/cve-2022-31692", url: "https://spring.io/security/cve-2022-31692", }, ], release_date: "2022-10-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security", }, { cve: "CVE-2022-36437", cwe: { id: "CWE-384", name: "Session Fixation", }, discovery_date: "2023-01-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2162053", }, ], notes: [ { category: "description", text: "A flaw was found in Hazelcast and Hazelcast Jet. This flaw may allow an attacker unauthenticated access to manipulate data in the cluster.", title: "Vulnerability description", }, { category: "summary", text: "hazelcast: Hazelcast connection caching", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration - Camel Quarkus Extensions: Hazelcast is contained in camel-quarkus-hazelcast but it does not affect any supported component. This package is community support only. Hence the low impact for Camel Quarkus Extension.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-36437", }, { category: "external", summary: "RHBZ#2162053", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2162053", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-36437", url: "https://www.cve.org/CVERecord?id=CVE-2022-36437", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-36437", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-36437", }, { category: "external", summary: "https://github.com/hazelcast/hazelcast/security/advisories/GHSA-c5hg-mr8r-f6jp", url: "https://github.com/hazelcast/hazelcast/security/advisories/GHSA-c5hg-mr8r-f6jp", }, ], release_date: "2022-12-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "hazelcast: Hazelcast connection caching", }, { cve: "CVE-2022-38398", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155292", }, ], notes: [ { category: "description", text: "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.", title: "Vulnerability description", }, { category: "summary", text: "batik: Server-Side Request Forgery", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38398", }, { category: "external", summary: "RHBZ#2155292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155292", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38398", url: "https://www.cve.org/CVERecord?id=CVE-2022-38398", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38398", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38398", }, { category: "external", summary: "http://svn.apache.org/viewvc?view=revision&revision=1903462", url: "http://svn.apache.org/viewvc?view=revision&revision=1903462", }, { category: "external", summary: "https://issues.apache.org/jira/browse/BATIK-1331", url: "https://issues.apache.org/jira/browse/BATIK-1331", }, { category: "external", summary: "https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx", url: "https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx", }, ], release_date: "2022-09-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "batik: Server-Side Request Forgery", }, { cve: "CVE-2022-38648", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155295", }, ], notes: [ { category: "description", text: "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.", title: "Vulnerability description", }, { category: "summary", text: "batik: Server-Side Request Forgery", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38648", }, { category: "external", summary: "RHBZ#2155295", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155295", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38648", url: "https://www.cve.org/CVERecord?id=CVE-2022-38648", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38648", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38648", }, { category: "external", summary: "http://svn.apache.org/viewvc?view=revision&revision=1903625", url: "http://svn.apache.org/viewvc?view=revision&revision=1903625", }, { category: "external", summary: "https://issues.apache.org/jira/browse/BATIK-1333", url: "https://issues.apache.org/jira/browse/BATIK-1333", }, { category: "external", summary: "https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b", url: "https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b", }, ], release_date: "2022-09-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "batik: Server-Side Request Forgery", }, { cve: "CVE-2022-40146", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155291", }, ], notes: [ { category: "description", text: "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.", title: "Vulnerability description", }, { category: "summary", text: "batik: Server-Side Request Forgery (SSRF) vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40146", }, { category: "external", summary: "RHBZ#2155291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155291", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40146", url: "https://www.cve.org/CVERecord?id=CVE-2022-40146", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40146", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40146", }, { category: "external", summary: "http://svn.apache.org/viewvc?view=revision&revision=1903910", url: "http://svn.apache.org/viewvc?view=revision&revision=1903910", }, { category: "external", summary: "https://issues.apache.org/jira/browse/BATIK-1335", url: "https://issues.apache.org/jira/browse/BATIK-1335", }, { category: "external", summary: "https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx", url: "https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx", }, ], release_date: "2022-09-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "batik: Server-Side Request Forgery (SSRF) vulnerability", }, { cve: "CVE-2022-41704", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2023-03-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182182", }, ], notes: [ { category: "description", text: "A flaw was found in Batik. This issue may allow a malicious user to run untrusted Java code from an SVG.", title: "Vulnerability description", }, { category: "summary", text: "batik: Apache XML Graphics Batik vulnerable to code execution via SVG", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41704", }, { category: "external", summary: "RHBZ#2182182", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182182", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41704", url: "https://www.cve.org/CVERecord?id=CVE-2022-41704", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41704", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41704", }, ], release_date: "2022-10-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "batik: Apache XML Graphics Batik vulnerable to code execution via SVG", }, { cve: "CVE-2022-41854", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2151988", }, ], notes: [ { category: "description", text: "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "dev-java/snakeyaml: DoS via stack overflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41854", }, { category: "external", summary: "RHBZ#2151988", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2151988", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41854", url: "https://www.cve.org/CVERecord?id=CVE-2022-41854", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41854", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41854", }, { category: "external", summary: "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355", url: "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355", }, { category: "external", summary: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355", url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355", }, ], release_date: "2022-11-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "dev-java/snakeyaml: DoS via stack overflow", }, { cve: "CVE-2022-41881", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2022-12-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2153379", }, ], notes: [ { category: "description", text: "A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41881", }, { category: "external", summary: "RHBZ#2153379", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153379", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41881", url: "https://www.cve.org/CVERecord?id=CVE-2022-41881", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41881", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41881", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS", }, { cve: "CVE-2022-41940", cwe: { id: "CWE-248", name: "Uncaught Exception", }, discovery_date: "2022-11-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2144970", }, ], notes: [ { category: "description", text: "A flaw was found in engine.io. The Socket.IO Engine.IO is vulnerable to a denial of service caused by an uncaught exception flaw. By sending a specially-crafted HTTP request, a remote, authenticated attacker can cause the Node.js process to crash, resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "engine.io: Specially crafted HTTP request can trigger an uncaught exception", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41940", }, { category: "external", summary: "RHBZ#2144970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2144970", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41940", url: "https://www.cve.org/CVERecord?id=CVE-2022-41940", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41940", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41940", }, ], release_date: "2022-11-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "engine.io: Specially crafted HTTP request can trigger an uncaught exception", }, { cve: "CVE-2022-41946", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, discovery_date: "2022-12-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2153399", }, ], notes: [ { category: "description", text: "A flaw was found in org.postgresql. This issue allows the creation of a temporary file when using PreparedStatement.setText(int, InputStream) and PreparedStatemet.setBytea(int, InputStream). This could allow a user to create an unexpected file available to all users, which could end in unexpected behavior.", title: "Vulnerability description", }, { category: "summary", text: "postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite ships a PostgreSQL JDBC Driver for Hibernate ORM framework, which is embeds into Candlepin. Although Candlepin itself doesn't make direct use of the PreparedStatement methods from the PostgreSQL JDBC Driver, Hibernate ORM does utilize these methods, potentially making framework affected. Satellite server operating in an environment with untrusted users while the driver is running are vulnerable to the flaw, however, deployments without untrusted users are considered safe. A future Satellite update should address this issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41946", }, { category: "external", summary: "RHBZ#2153399", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153399", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41946", url: "https://www.cve.org/CVERecord?id=CVE-2022-41946", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41946", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41946", }, ], release_date: "2022-11-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions", }, { cve: "CVE-2022-41966", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2023-02-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2170431", }, ], notes: [ { category: "description", text: "A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.", title: "Vulnerability description", }, { category: "summary", text: "xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse 7 ships an affected version of XStream. No endpoint in any flavor of Fuse is accepting by default an unverified input stream passed directly to XStream unmarshaller. Documentation always recommend all the endpoints (TCP/UDP/HTTP(S)/other listeners) to have at least one layer of authentication/authorization and Fuse in general itself in particular has a lot of mechanisms to protect the endpoints.\n\nRed Hat Single Sign-On contains XStream as a transitive dependency from Infinispan and the same is not affected as NO_REFERENCE is in use.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41966", }, { category: "external", summary: "RHBZ#2170431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2170431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41966", url: "https://www.cve.org/CVERecord?id=CVE-2022-41966", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41966", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41966", }, { category: "external", summary: "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv", url: "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv", }, ], release_date: "2022-12-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow", }, { cve: "CVE-2022-42890", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2023-03-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182183", }, ], notes: [ { category: "description", text: "A flaw was found in Batik of Apache XML Graphics. This issue may allow a malicious user to run Java code from untrusted SVG via JavaScript.", title: "Vulnerability description", }, { category: "summary", text: "batik: Untrusted code execution in Apache XML Graphics Batik", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42890", }, { category: "external", summary: "RHBZ#2182183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182183", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42890", url: "https://www.cve.org/CVERecord?id=CVE-2022-42890", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42890", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42890", }, ], release_date: "2022-10-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "batik: Untrusted code execution in Apache XML Graphics Batik", }, { cve: "CVE-2022-42920", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-11-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2142707", }, ], notes: [ { category: "description", text: "An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.", title: "Vulnerability description", }, { category: "summary", text: "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing", title: "Vulnerability summary", }, { category: "other", text: "Fuse 7 ships the code in question but does not utilize it in the product, so it is affected at a reduced impact of Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42920", }, { category: "external", summary: "RHBZ#2142707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2142707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42920", url: "https://www.cve.org/CVERecord?id=CVE-2022-42920", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42920", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42920", }, { category: "external", summary: "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4", url: "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4", }, ], release_date: "2022-11-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing", }, { cve: "CVE-2022-45143", cwe: { id: "CWE-74", name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", }, discovery_date: "2023-01-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2158695", }, ], notes: [ { category: "description", text: "A flaw was found in the Tomcat package. This flaw allowed users to input an invalid JSON structure, causing unwanted behavior as it did not escape the type, message, or description values.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: JsonErrorReportValve injection", title: "Vulnerability summary", }, { category: "other", text: "Although it may be rated as CVSS 7.5, it's still considered a low impact flaw as according to the advisory report from Apache, user controlled data may occur in specific cases only and may alter some specific fields only.\n\nRed Hat Satellite does not include the affected Apache Tomcat, however, Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45143", }, { category: "external", summary: "RHBZ#2158695", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2158695", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45143", url: "https://www.cve.org/CVERecord?id=CVE-2022-45143", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45143", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45143", }, { category: "external", summary: "https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj", url: "https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj", }, ], release_date: "2023-01-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: JsonErrorReportValve injection", }, { cve: "CVE-2022-46363", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155681", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.", title: "Vulnerability description", }, { category: "summary", text: "CXF: directory listing / code exfiltration", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46363", }, { category: "external", summary: "RHBZ#2155681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155681", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46363", url: "https://www.cve.org/CVERecord?id=CVE-2022-46363", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", }, { category: "external", summary: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", url: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "CXF: directory listing / code exfiltration", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, { cve: "CVE-2023-1108", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2023-02-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2174246", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.", title: "Vulnerability description", }, { category: "summary", text: "Undertow: Infinite loop in SslConduit during close", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1108", }, { category: "external", summary: "RHBZ#2174246", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2174246", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1108", url: "https://www.cve.org/CVERecord?id=CVE-2023-1108", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1108", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1108", }, { category: "external", summary: "https://github.com/advisories/GHSA-m4mm-pg93-fv78", url: "https://github.com/advisories/GHSA-m4mm-pg93-fv78", }, ], release_date: "2023-03-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Undertow: Infinite loop in SslConduit during close", }, { cve: "CVE-2023-1370", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-04-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2188542", }, ], notes: [ { category: "description", text: "A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.", title: "Vulnerability description", }, { category: "summary", text: "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1370", }, { category: "external", summary: "RHBZ#2188542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188542", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1370", url: "https://www.cve.org/CVERecord?id=CVE-2023-1370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", }, { category: "external", summary: "https://github.com/advisories/GHSA-493p-pfq6-5258", url: "https://github.com/advisories/GHSA-493p-pfq6-5258", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", url: "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", }, { cve: "CVE-2023-20860", cwe: { id: "CWE-155", name: "Improper Neutralization of Wildcards or Matching Symbols", }, discovery_date: "2023-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180528", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.", title: "Vulnerability description", }, { category: "summary", text: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20860", }, { category: "external", summary: "RHBZ#2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20860", url: "https://www.cve.org/CVERecord?id=CVE-2023-20860", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", }, { category: "external", summary: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", url: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", }, { cve: "CVE-2023-20861", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180530", }, ], notes: [ { category: "description", text: "A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "springframework: Spring Expression DoS Vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20861", }, { category: "external", summary: "RHBZ#2180530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180530", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20861", url: "https://www.cve.org/CVERecord?id=CVE-2023-20861", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", }, { category: "external", summary: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", url: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "springframework: Spring Expression DoS Vulnerability", }, { cve: "CVE-2023-20883", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-05-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209342", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed behind a proxy that caches 404 responses. This issue may cause a denial of service (DoS) attack.", title: "Vulnerability description", }, { category: "summary", text: "spring-boot: Spring Boot Welcome Page DoS Vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20883", }, { category: "external", summary: "RHBZ#2209342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209342", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20883", url: "https://www.cve.org/CVERecord?id=CVE-2023-20883", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20883", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20883", }, ], release_date: "2023-05-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "spring-boot: Spring Boot Welcome Page DoS Vulnerability", }, { cve: "CVE-2023-22602", cwe: { id: "CWE-436", name: "Interpretation Conflict", }, discovery_date: "2023-03-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182198", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Shiro. This issue may allow a malicious user to send a specially crafted HTTP request that could cause an authentication bypass.", title: "Vulnerability description", }, { category: "summary", text: "shiro: Authentication bypass through a specially crafted HTTP request", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-22602", }, { category: "external", summary: "RHBZ#2182198", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182198", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-22602", url: "https://www.cve.org/CVERecord?id=CVE-2023-22602", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-22602", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-22602", }, ], release_date: "2023-01-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "shiro: Authentication bypass through a specially crafted HTTP request", }, { cve: "CVE-2023-33201", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2023-06-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2215465", }, ], notes: [ { category: "description", text: "A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.", title: "Vulnerability description", }, { category: "summary", text: "bouncycastle: potential blind LDAP injection attack using a self-signed certificate", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.12", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-33201", }, { category: "external", summary: "RHBZ#2215465", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2215465", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-33201", url: "https://www.cve.org/CVERecord?id=CVE-2023-33201", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-33201", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-33201", }, { category: "external", summary: "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201", url: "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201", }, ], release_date: "2023-06-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-29T20:07:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Fuse 7.12", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3954", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "Red Hat Fuse 7.12", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "bouncycastle: potential blind LDAP injection attack using a self-signed certificate", }, ], }
rhsa-2013_0763
Vulnerability from csaf_redhat
Published
2013-04-22 21:17
Modified
2024-11-14 12:15
Summary
Red Hat Security Advisory: JBoss Web Framework Kit 2.2.0 update
Notes
Topic
JBoss Web Framework Kit 2.2.0, which fixes two security issues, various
bugs, and adds enhancements is now available from the Red Hat
Customer Portal.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
The JBoss Web Framework Kit combines popular open source web frameworks
into a single solution for Java applications.
This release of JBoss Web Framework Kit 2.2.0 serves as a replacement for
JBoss Web Framework Kit 2.1.0. It includes various bug fixes and
enhancements which are detailed in the JBoss Web Framework Kit 2.2.0
Release Notes. The Release Notes will be available shortly from
https://access.redhat.com/site/documentation/
This release also fixes the following security issues:
A flaw was found in the way the Apache Xerces2 Java Parser processed the
SYSTEM identifier in DTDs. A remote attacker could provide a
specially-crafted XML file, which once parsed by an application using the
Apache Xerces2 Java Parser, would lead to a denial of service (application
hang due to excessive CPU use). (CVE-2009-2625)
Note: Seam and RichFaces used the xerces:xercesImpl:2.9.1-patch01 artifact,
which is vulnerable to the CVE-2009-2625 flaw. In this release, the
artifact has been replaced with xerces:xercesImpl:2.9.1-redhat-3, which is
not vulnerable.
The Jakarta Commons HttpClient component did not verify that the server
hostname matched the domain name in the subject's Common Name (CN) or
subjectAltName field in X.509 certificates. This could allow a
man-in-the-middle attacker to spoof an SSL server if they had a certificate
that was valid for any domain name. (CVE-2012-5783)
Note: Jakarta Commons HttpClient 3 is vulnerable to CVE-2012-5783. Jakarta
Commons HttpClient 3 has reached its end of life as an Apache-maintained
component, and no upstream build is available that addresses this flaw. The
version of Jakarta Commons HttpClient 3 that ships with JBoss Web Framework
Kit 2.2.0 includes a patch for this flaw, which has been built by Red Hat.
Versions that are consumed from Maven Central do not have this patch
applied.
Jakarta Commons HttpClient 3 is a transitive dependency for multiple
components included in JBoss Web Framework Kit 2.2.0. If this dependency is
resolved using a build of HttpClient 3 from Maven Central, then this flaw
may be exposed.
Warning: Before applying this update, back up your existing installation of
JBoss Enterprise Application Platform or JBoss Enterprise Web Server, and
applications deployed to it.
All users of JBoss Web Framework Kit 2.1.0 as provided from the Red Hat
Customer Portal are advised to upgrade to JBoss Web Framework Kit 2.2.0.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "JBoss Web Framework Kit 2.2.0, which fixes two security issues, various\nbugs, and adds enhancements is now available from the Red Hat\nCustomer Portal.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", title: "Topic", }, { category: "general", text: "The JBoss Web Framework Kit combines popular open source web frameworks\ninto a single solution for Java applications.\n\nThis release of JBoss Web Framework Kit 2.2.0 serves as a replacement for\nJBoss Web Framework Kit 2.1.0. It includes various bug fixes and\nenhancements which are detailed in the JBoss Web Framework Kit 2.2.0\nRelease Notes. The Release Notes will be available shortly from\nhttps://access.redhat.com/site/documentation/\n\nThis release also fixes the following security issues:\n\nA flaw was found in the way the Apache Xerces2 Java Parser processed the\nSYSTEM identifier in DTDs. A remote attacker could provide a\nspecially-crafted XML file, which once parsed by an application using the\nApache Xerces2 Java Parser, would lead to a denial of service (application\nhang due to excessive CPU use). (CVE-2009-2625)\n\nNote: Seam and RichFaces used the xerces:xercesImpl:2.9.1-patch01 artifact,\nwhich is vulnerable to the CVE-2009-2625 flaw. In this release, the\nartifact has been replaced with xerces:xercesImpl:2.9.1-redhat-3, which is\nnot vulnerable.\n\nThe Jakarta Commons HttpClient component did not verify that the server\nhostname matched the domain name in the subject's Common Name (CN) or\nsubjectAltName field in X.509 certificates. This could allow a\nman-in-the-middle attacker to spoof an SSL server if they had a certificate\nthat was valid for any domain name. (CVE-2012-5783)\n\nNote: Jakarta Commons HttpClient 3 is vulnerable to CVE-2012-5783. Jakarta\nCommons HttpClient 3 has reached its end of life as an Apache-maintained\ncomponent, and no upstream build is available that addresses this flaw. The\nversion of Jakarta Commons HttpClient 3 that ships with JBoss Web Framework\nKit 2.2.0 includes a patch for this flaw, which has been built by Red Hat.\nVersions that are consumed from Maven Central do not have this patch\napplied.\n\nJakarta Commons HttpClient 3 is a transitive dependency for multiple\ncomponents included in JBoss Web Framework Kit 2.2.0. If this dependency is\nresolved using a build of HttpClient 3 from Maven Central, then this flaw\nmay be exposed.\n\nWarning: Before applying this update, back up your existing installation of\nJBoss Enterprise Application Platform or JBoss Enterprise Web Server, and\napplications deployed to it.\n\nAll users of JBoss Web Framework Kit 2.1.0 as provided from the Red Hat\nCustomer Portal are advised to upgrade to JBoss Web Framework Kit 2.2.0.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2013:0763", url: "https://access.redhat.com/errata/RHSA-2013:0763", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=web.framework.kit&downloadType=distributions", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=web.framework.kit&downloadType=distributions", }, { category: "external", summary: "https://access.redhat.com/site/documentation/", url: "https://access.redhat.com/site/documentation/", }, { category: "external", summary: "512921", url: "https://bugzilla.redhat.com/show_bug.cgi?id=512921", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0763.json", }, ], title: "Red Hat Security Advisory: JBoss Web Framework Kit 2.2.0 update", tracking: { current_release_date: "2024-11-14T12:15:06+00:00", generator: { date: "2024-11-14T12:15:06+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.0", }, }, id: "RHSA-2013:0763", initial_release_date: "2013-04-22T21:17:00+00:00", revision_history: [ { date: "2013-04-22T21:17:00+00:00", number: "1", summary: "Initial version", }, { date: "2013-04-22T21:25:28+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-14T12:15:06+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Framework Kit 2.2", product: { name: "Red Hat JBoss Web Framework Kit 2.2", product_id: "Red Hat JBoss Web Framework Kit 2.2", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_framework:2.2.0", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Framework Kit", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2009-2625", discovery_date: "2009-07-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "512921", }, ], notes: [ { category: "description", text: "XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.", title: "Vulnerability description", }, { category: "summary", text: "JDK: XML parsing Denial-Of-Service (6845701)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Framework Kit 2.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-2625", }, { category: "external", summary: "RHBZ#512921", url: "https://bugzilla.redhat.com/show_bug.cgi?id=512921", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-2625", url: "https://www.cve.org/CVERecord?id=CVE-2009-2625", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-2625", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-2625", }, ], release_date: "2009-08-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-04-22T21:17:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting installation of JBoss Enterprise Application Platform or JBoss\nEnterprise Web Server, and applications deployed to it.\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Web Framework Kit 2.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:0763", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Web Framework Kit 2.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "JDK: XML parsing Denial-Of-Service (6845701)", }, { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Framework Kit 2.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-04-22T21:17:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting installation of JBoss Enterprise Application Platform or JBoss\nEnterprise Web Server, and applications deployed to it.\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Web Framework Kit 2.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:0763", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Web Framework Kit 2.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, ], }
rhsa-2013:0680
Vulnerability from csaf_redhat
Published
2013-03-25 17:04
Modified
2024-11-14 12:15
Summary
Red Hat Security Advisory: jakarta-commons-httpclient security update
Notes
Topic
An updated jakarta-commons-httpclient package for JBoss Enterprise
Application Platform 5.2.0 which fixes one security issue is now available
for Red Hat Enterprise Linux 4, 5, and 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Details
The Jakarta Commons HttpClient component can be used to build HTTP-aware
client applications (such as web browsers and web service clients).
The Jakarta Commons HttpClient component did not verify that the server
hostname matched the domain name in the subject's Common Name (CN) or
subjectAltName field in X.509 certificates. This could allow a
man-in-the-middle attacker to spoof an SSL server if they had a certificate
that was valid for any domain name. (CVE-2012-5783)
Warning: Before applying this update, back up your existing JBoss
Enterprise Application Platform installation (including all applications
and configuration files).
All users of JBoss Enterprise Application Platform 5.2.0 on Red Hat
Enterprise Linux 4, 5, and 6 are advised to upgrade to this updated
package. The JBoss server process must be restarted for the update to take
effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An updated jakarta-commons-httpclient package for JBoss Enterprise\nApplication Platform 5.2.0 which fixes one security issue is now available\nfor Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.", title: "Topic", }, { category: "general", text: "The Jakarta Commons HttpClient component can be used to build HTTP-aware\nclient applications (such as web browsers and web service clients).\n\nThe Jakarta Commons HttpClient component did not verify that the server\nhostname matched the domain name in the subject's Common Name (CN) or\nsubjectAltName field in X.509 certificates. This could allow a\nman-in-the-middle attacker to spoof an SSL server if they had a certificate\nthat was valid for any domain name. (CVE-2012-5783)\n\nWarning: Before applying this update, back up your existing JBoss\nEnterprise Application Platform installation (including all applications\nand configuration files).\n\nAll users of JBoss Enterprise Application Platform 5.2.0 on Red Hat\nEnterprise Linux 4, 5, and 6 are advised to upgrade to this updated\npackage. The JBoss server process must be restarted for the update to take\neffect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2013:0680", url: "https://access.redhat.com/errata/RHSA-2013:0680", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0680.json", }, ], title: "Red Hat Security Advisory: jakarta-commons-httpclient security update", tracking: { current_release_date: "2024-11-14T12:15:02+00:00", generator: { date: "2024-11-14T12:15:02+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.0", }, }, id: "RHSA-2013:0680", initial_release_date: "2013-03-25T17:04:00+00:00", revision_history: [ { date: "2013-03-25T17:04:00+00:00", number: "1", summary: "Initial version", }, { date: "2013-03-25T17:14:51+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-14T12:15:02+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product: { name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product_id: "4AS-JBEAP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:5::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product: { name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product_id: "4ES-JBEAP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:5::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product: { name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product_id: "5Server-JBEAP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:5::el5", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product: { name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product_id: "6Server-JBEAP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:5::el6", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", product: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", product_id: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2.1_patch_01.ep5.el4?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", product: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", product_id: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2.1_patch_01.ep5.el5?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", product: { name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", product_id: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2_patch_01.ep5.el6?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", product: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", product_id: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2.1_patch_01.ep5.el4?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", product: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", product_id: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2.1_patch_01.ep5.el5?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", product: { name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", product_id: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2_patch_01.ep5.el6?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product_id: "4AS-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", relates_to_product_reference: "4AS-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product_id: "4AS-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", relates_to_product_reference: "4AS-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product_id: "4ES-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", relates_to_product_reference: "4ES-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product_id: "4ES-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", relates_to_product_reference: "4ES-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product_id: "5Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", relates_to_product_reference: "5Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product_id: "5Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", relates_to_product_reference: "5Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product_id: "6Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", }, product_reference: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", relates_to_product_reference: "6Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product_id: "6Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", relates_to_product_reference: "6Server-JBEAP-5", }, ], }, vulnerabilities: [ { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", "4AS-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", "4ES-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", "4ES-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", "5Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", "5Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", "6Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", "6Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-03-25T17:04:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", product_ids: [ "4AS-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", "4AS-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", "4ES-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", "4ES-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", "5Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", "5Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", "6Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", "6Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:0680", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "4AS-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", "4AS-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", "4ES-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", "4ES-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", "5Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", "5Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", "6Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", "6Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, ], }
rhsa-2013:1853
Vulnerability from csaf_redhat
Published
2013-12-17 18:30
Modified
2024-11-22 07:09
Summary
Red Hat Security Advisory: Red Hat JBoss Operations Network 3.2.0 update
Notes
Topic
Red Hat JBoss Operations Network 3.2.0, which fixes multiple security
issues and several bugs, is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Details
Red Hat JBoss Operations Network is a middleware management solution that
provides a single point of control to deploy, manage, and monitor JBoss
Enterprise Middleware, applications, and services.
This JBoss Operations Network 3.2.0 release serves as a replacement for
JBoss Operations Network 3.1.2, and includes several bug fixes. Refer to
the JBoss Operations Network 3.2.0 Release Notes for information on the
most significant of these changes. The Release Notes will be available
shortly from https://access.redhat.com/site/documentation/
The following security issues are also fixed with this release:
It was found that sending a request without a session identifier to a
protected resource could bypass the Cross-Site Request Forgery (CSRF)
prevention filter. A remote attacker could use this flaw to perform CSRF
attacks against applications that rely on the CSRF prevention filter and do
not contain internal mitigation for CSRF. (CVE-2012-4431)
The Jakarta Commons HttpClient component did not verify that the server
hostname matched the domain name in the subject's Common Name (CN) or
subjectAltName field in X.509 certificates. This could allow a
man-in-the-middle attacker to spoof an SSL server if they had a certificate
that was valid for any domain name. (CVE-2012-5783)
A flaw was found in the way Apache Santuario XML Security for Java
validated XML signatures. Santuario allowed a signature to specify an
arbitrary canonicalization algorithm, which would be applied to the
SignedInfo XML fragment. A remote attacker could exploit this to spoof an
XML signature via a specially crafted XML signature block. (CVE-2013-2172)
Warning: Before applying the update, back up your existing JBoss Operations
Network installation (including its databases, applications, configuration
files, the JBoss Operations Network server's file system directory, and so
on).
All users of JBoss Operations Network 3.1.2 as provided from the Red Hat
Customer Portal are advised to upgrade to JBoss Operations Network 3.2.0.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Operations Network 3.2.0, which fixes multiple security\nissues and several bugs, is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Operations Network is a middleware management solution that\nprovides a single point of control to deploy, manage, and monitor JBoss\nEnterprise Middleware, applications, and services.\n\nThis JBoss Operations Network 3.2.0 release serves as a replacement for\nJBoss Operations Network 3.1.2, and includes several bug fixes. Refer to\nthe JBoss Operations Network 3.2.0 Release Notes for information on the\nmost significant of these changes. The Release Notes will be available\nshortly from https://access.redhat.com/site/documentation/\n\nThe following security issues are also fixed with this release:\n\nIt was found that sending a request without a session identifier to a\nprotected resource could bypass the Cross-Site Request Forgery (CSRF)\nprevention filter. A remote attacker could use this flaw to perform CSRF\nattacks against applications that rely on the CSRF prevention filter and do\nnot contain internal mitigation for CSRF. (CVE-2012-4431)\n\nThe Jakarta Commons HttpClient component did not verify that the server\nhostname matched the domain name in the subject's Common Name (CN) or\nsubjectAltName field in X.509 certificates. This could allow a\nman-in-the-middle attacker to spoof an SSL server if they had a certificate\nthat was valid for any domain name. (CVE-2012-5783)\n\nA flaw was found in the way Apache Santuario XML Security for Java\nvalidated XML signatures. Santuario allowed a signature to specify an\narbitrary canonicalization algorithm, which would be applied to the\nSignedInfo XML fragment. A remote attacker could exploit this to spoof an\nXML signature via a specially crafted XML signature block. (CVE-2013-2172)\n\nWarning: Before applying the update, back up your existing JBoss Operations\nNetwork installation (including its databases, applications, configuration\nfiles, the JBoss Operations Network server's file system directory, and so\non).\n\nAll users of JBoss Operations Network 3.1.2 as provided from the Red Hat\nCustomer Portal are advised to upgrade to JBoss Operations Network 3.2.0.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2013:1853", url: "https://access.redhat.com/errata/RHSA-2013:1853", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=em&version=3.2.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=em&version=3.2.0", }, { category: "external", summary: "https://access.redhat.com/site/documentation/Red_Hat_JBoss_Operations_Network/", url: "https://access.redhat.com/site/documentation/Red_Hat_JBoss_Operations_Network/", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "883636", url: "https://bugzilla.redhat.com/show_bug.cgi?id=883636", }, { category: "external", summary: "999263", url: "https://bugzilla.redhat.com/show_bug.cgi?id=999263", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_1853.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Operations Network 3.2.0 update", tracking: { current_release_date: "2024-11-22T07:09:01+00:00", generator: { date: "2024-11-22T07:09:01+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2013:1853", initial_release_date: "2013-12-17T18:30:00+00:00", revision_history: [ { date: "2013-12-17T18:30:00+00:00", number: "1", summary: "Initial version", }, { date: "2019-02-20T12:45:41+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T07:09:01+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Operations Network 3.2", product: { name: "Red Hat JBoss Operations Network 3.2", product_id: "Red Hat JBoss Operations Network 3.2", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_operations_network:3.2.0", }, }, }, ], category: "product_family", name: "Red Hat JBoss Operations Network", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2012-4431", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2012-12-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "883636", }, ], notes: [ { category: "description", text: "org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.", title: "Vulnerability description", }, { category: "summary", text: "Tomcat/JBoss Web - Bypass of CSRF prevention filter", title: "Vulnerability summary", }, { category: "other", text: "This issue did not affect the versions of tomcat5 as shipped with Red Hat Enterprise Linux 5 and tomcat6 as shipped with Red Hat Enterprise Linux 6 as they did not include the CSRF prevention filter.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Operations Network 3.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-4431", }, { category: "external", summary: "RHBZ#883636", url: "https://bugzilla.redhat.com/show_bug.cgi?id=883636", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-4431", url: "https://www.cve.org/CVERecord?id=CVE-2012-4431", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-4431", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-4431", }, { category: "external", summary: "http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.36", url: "http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.36", }, { category: "external", summary: "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.32", url: "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.32", }, ], release_date: "2012-12-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-12-17T18:30:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Operations Network installation (including its databases,\napplications, configuration files, the JBoss Operations Network server's\nfile system directory, and so on).\n\nRefer to the JBoss Operations Network 3.2.0 Release Notes for\ninstallation information.", product_ids: [ "Red Hat JBoss Operations Network 3.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1853", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "Red Hat JBoss Operations Network 3.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Tomcat/JBoss Web - Bypass of CSRF prevention filter", }, { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Operations Network 3.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-12-17T18:30:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Operations Network installation (including its databases,\napplications, configuration files, the JBoss Operations Network server's\nfile system directory, and so on).\n\nRefer to the JBoss Operations Network 3.2.0 Release Notes for\ninstallation information.", product_ids: [ "Red Hat JBoss Operations Network 3.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1853", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Operations Network 3.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, { cve: "CVE-2013-2172", cwe: { id: "CWE-290", name: "Authentication Bypass by Spoofing", }, discovery_date: "2013-08-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "999263", }, ], notes: [ { category: "description", text: "A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially crafted XML signature block.", title: "Vulnerability description", }, { category: "summary", text: "Java: XML signature spoofing", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Operations Network 3.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-2172", }, { category: "external", summary: "RHBZ#999263", url: "https://bugzilla.redhat.com/show_bug.cgi?id=999263", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-2172", url: "https://www.cve.org/CVERecord?id=CVE-2013-2172", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-2172", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-2172", }, { category: "external", summary: "http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc", url: "http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc", }, ], release_date: "2013-06-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-12-17T18:30:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Operations Network installation (including its databases,\napplications, configuration files, the JBoss Operations Network server's\nfile system directory, and so on).\n\nRefer to the JBoss Operations Network 3.2.0 Release Notes for\ninstallation information.", product_ids: [ "Red Hat JBoss Operations Network 3.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1853", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, products: [ "Red Hat JBoss Operations Network 3.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Java: XML signature spoofing", }, ], }
rhsa-2013:0682
Vulnerability from csaf_redhat
Published
2013-03-25 17:05
Modified
2024-11-14 12:15
Summary
Red Hat Security Advisory: jakarta-commons-httpclient security update
Notes
Topic
An updated jakarta-commons-httpclient package for JBoss Enterprise Web
Platform 5.2.0 which fixes one security issue is now available for
Red Hat Enterprise Linux 4, 5, and 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Details
The Jakarta Commons HttpClient component can be used to build HTTP-aware
client applications (such as web browsers and web service clients).
The Jakarta Commons HttpClient component did not verify that the server
hostname matched the domain name in the subject's Common Name (CN) or
subjectAltName field in X.509 certificates. This could allow a
man-in-the-middle attacker to spoof an SSL server if they had a certificate
that was valid for any domain name. (CVE-2012-5783)
Warning: Before applying this update, back up your existing JBoss
Enterprise Web Platform installation (including all applications and
configuration files).
All users of JBoss Enterprise Web Platform 5.2.0 on Red Hat Enterprise
Linux 4, 5, and 6 are advised to upgrade to this updated package. The JBoss
server process must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An updated jakarta-commons-httpclient package for JBoss Enterprise Web\nPlatform 5.2.0 which fixes one security issue is now available for\nRed Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.", title: "Topic", }, { category: "general", text: "The Jakarta Commons HttpClient component can be used to build HTTP-aware\nclient applications (such as web browsers and web service clients).\n\nThe Jakarta Commons HttpClient component did not verify that the server\nhostname matched the domain name in the subject's Common Name (CN) or\nsubjectAltName field in X.509 certificates. This could allow a\nman-in-the-middle attacker to spoof an SSL server if they had a certificate\nthat was valid for any domain name. (CVE-2012-5783)\n\nWarning: Before applying this update, back up your existing JBoss\nEnterprise Web Platform installation (including all applications and\nconfiguration files).\n\nAll users of JBoss Enterprise Web Platform 5.2.0 on Red Hat Enterprise\nLinux 4, 5, and 6 are advised to upgrade to this updated package. The JBoss\nserver process must be restarted for the update to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2013:0682", url: "https://access.redhat.com/errata/RHSA-2013:0682", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0682.json", }, ], title: "Red Hat Security Advisory: jakarta-commons-httpclient security update", tracking: { current_release_date: "2024-11-14T12:15:10+00:00", generator: { date: "2024-11-14T12:15:10+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.0", }, }, id: "RHSA-2013:0682", initial_release_date: "2013-03-25T17:05:00+00:00", revision_history: [ { date: "2013-03-25T17:05:00+00:00", number: "1", summary: "Initial version", }, { date: "2013-03-25T17:14:40+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-14T12:15:10+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Platform 5 for RHEL 4 AS", product: { name: "Red Hat JBoss Web Platform 5 for RHEL 4 AS", product_id: "4AS-JBEWP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_platform:5::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Web Platform 5 for RHEL 4 ES", product: { name: "Red Hat JBoss Web Platform 5 for RHEL 4 ES", product_id: "4ES-JBEWP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_platform:5::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Web Platform 5 for RHEL 5 Server", product: { name: "Red Hat JBoss Web Platform 5 for RHEL 5 Server", product_id: "5Server-JBEWP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_platform:5::el5", }, }, }, { category: "product_name", name: "Red Hat JBoss Web Platform 5 for RHEL 6 Server", product: { name: "Red Hat JBoss Web Platform 5 for RHEL 6 Server", product_id: "6Server-JBEWP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_platform:5::el6", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Platform", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", product: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", product_id: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2.1_patch_01.ep5.el4?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", product: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", product_id: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2.1_patch_01.ep5.el5?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", product: { name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", product_id: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2_patch_01.ep5.el6?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", product: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", product_id: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2.1_patch_01.ep5.el4?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", product: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", product_id: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2.1_patch_01.ep5.el5?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", product: { name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", product_id: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2_patch_01.ep5.el6?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 4 AS", product_id: "4AS-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", relates_to_product_reference: "4AS-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src as a component of Red Hat JBoss Web Platform 5 for RHEL 4 AS", product_id: "4AS-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", relates_to_product_reference: "4AS-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 4 ES", product_id: "4ES-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", relates_to_product_reference: "4ES-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src as a component of Red Hat JBoss Web Platform 5 for RHEL 4 ES", product_id: "4ES-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", relates_to_product_reference: "4ES-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 5 Server", product_id: "5Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", relates_to_product_reference: "5Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src as a component of Red Hat JBoss Web Platform 5 for RHEL 5 Server", product_id: "5Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", relates_to_product_reference: "5Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 6 Server", product_id: "6Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", }, product_reference: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", relates_to_product_reference: "6Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src as a component of Red Hat JBoss Web Platform 5 for RHEL 6 Server", product_id: "6Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", relates_to_product_reference: "6Server-JBEWP-5", }, ], }, vulnerabilities: [ { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "4AS-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", "4AS-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", "4ES-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", "4ES-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", "5Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", "6Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", "6Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", ], known_not_affected: [ "4AS-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", "4AS-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", "4ES-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", "4ES-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-03-25T17:05:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", product_ids: [ "5Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", "5Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", "6Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", "6Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:0682", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "5Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", "5Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", "6Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", "6Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, ], }
rhsa-2013_1147
Vulnerability from csaf_redhat
Published
2013-08-08 17:04
Modified
2024-11-22 06:54
Summary
Red Hat Security Advisory: Red Hat JBoss SOA Platform 5.3.1 update
Notes
Topic
Red Hat JBoss SOA Platform 5.3.1 roll up patch 3, which fixes three
security issues and various bugs, is now available from the Red Hat
Customer Portal.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat JBoss SOA Platform is the next-generation ESB and business process
automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage
existing (MoM and EAI), modern (SOA and BPM-Rules), and future (EDA and
CEP) integration methodologies to dramatically improve business process
execution speed and quality.
This roll up patch serves as a cumulative upgrade for Red Hat JBoss SOA
Platform 5.3.1. It includes various bug fixes. The following security
issues are also fixed with this release:
The Jakarta Commons HttpClient component did not verify that the server
hostname matched the domain name in the subject's Common Name (CN) or
subjectAltName field in X.509 certificates. This could allow a
man-in-the-middle attacker to spoof an SSL server if they had a certificate
that was valid for any domain name. (CVE-2012-5783)
A flaw in JRuby's JSON gem allowed remote attacks by creating different
types of malicious objects. For example, it could initiate a denial of
service attack through resource consumption by using a JSON document to
create arbitrary Ruby symbols, which were never garbage collected. It could
also be exploited to create internal objects which could allow a SQL
injection attack. (CVE-2013-0269)
It was discovered that JRuby's REXML library did not properly restrict XML
entity expansion. An attacker could use this flaw to cause a denial of
service by tricking a Ruby application using REXML to read text nodes from
specially-crafted XML content, which will result in REXML consuming large
amounts of system memory. (CVE-2013-1821)
Note: Red Hat JBoss SOA Platform only provides JRuby as a dependency of
the scripting_chain quickstart example application. The CVE-2013-0269 and
CVE-2013-1821 flaws are not exposed unless the version of JRuby shipped
with that quickstart is used by a deployed, custom application.
Red Hat would like to thank Ruby on Rails upstream for reporting
CVE-2013-0269. Upstream acknowledges Thomas Hollstegge of Zweitag and Ben
Murphy as the original reporters of CVE-2013-0269.
Warning: Before applying the update, back up your existing Red Hat JBoss
SOA Platform installation (including its databases, applications,
configuration files, and so on).
All users of Red Hat JBoss SOA Platform 5.3.1 as provided from the Red
Hat Customer Portal are advised to apply this roll up patch.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss SOA Platform 5.3.1 roll up patch 3, which fixes three\nsecurity issues and various bugs, is now available from the Red Hat\nCustomer Portal.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss SOA Platform is the next-generation ESB and business process\nautomation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage\nexisting (MoM and EAI), modern (SOA and BPM-Rules), and future (EDA and\nCEP) integration methodologies to dramatically improve business process\nexecution speed and quality.\n\nThis roll up patch serves as a cumulative upgrade for Red Hat JBoss SOA\nPlatform 5.3.1. It includes various bug fixes. The following security\nissues are also fixed with this release:\n\nThe Jakarta Commons HttpClient component did not verify that the server\nhostname matched the domain name in the subject's Common Name (CN) or\nsubjectAltName field in X.509 certificates. This could allow a\nman-in-the-middle attacker to spoof an SSL server if they had a certificate\nthat was valid for any domain name. (CVE-2012-5783)\n\nA flaw in JRuby's JSON gem allowed remote attacks by creating different\ntypes of malicious objects. For example, it could initiate a denial of\nservice attack through resource consumption by using a JSON document to\ncreate arbitrary Ruby symbols, which were never garbage collected. It could\nalso be exploited to create internal objects which could allow a SQL\ninjection attack. (CVE-2013-0269)\n\nIt was discovered that JRuby's REXML library did not properly restrict XML\nentity expansion. An attacker could use this flaw to cause a denial of\nservice by tricking a Ruby application using REXML to read text nodes from\nspecially-crafted XML content, which will result in REXML consuming large\namounts of system memory. (CVE-2013-1821)\n\nNote: Red Hat JBoss SOA Platform only provides JRuby as a dependency of\nthe scripting_chain quickstart example application. The CVE-2013-0269 and\nCVE-2013-1821 flaws are not exposed unless the version of JRuby shipped\nwith that quickstart is used by a deployed, custom application.\n\nRed Hat would like to thank Ruby on Rails upstream for reporting\nCVE-2013-0269. Upstream acknowledges Thomas Hollstegge of Zweitag and Ben\nMurphy as the original reporters of CVE-2013-0269.\n\nWarning: Before applying the update, back up your existing Red Hat JBoss\nSOA Platform installation (including its databases, applications,\nconfiguration files, and so on).\n\nAll users of Red Hat JBoss SOA Platform 5.3.1 as provided from the Red\nHat Customer Portal are advised to apply this roll up patch.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2013:1147", url: "https://access.redhat.com/errata/RHSA-2013:1147", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform&downloadType=securityPatches&version=5.3.1+GA", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform&downloadType=securityPatches&version=5.3.1+GA", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "909029", url: "https://bugzilla.redhat.com/show_bug.cgi?id=909029", }, { category: "external", summary: "914716", url: "https://bugzilla.redhat.com/show_bug.cgi?id=914716", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_1147.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss SOA Platform 5.3.1 update", tracking: { current_release_date: "2024-11-22T06:54:54+00:00", generator: { date: "2024-11-22T06:54:54+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2013:1147", initial_release_date: "2013-08-08T17:04:00+00:00", revision_history: [ { date: "2013-08-08T17:04:00+00:00", number: "1", summary: "Initial version", }, { date: "2013-08-08T17:07:08+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T06:54:54+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss SOA Platform 5.3", product: { name: "Red Hat JBoss SOA Platform 5.3", product_id: "Red Hat JBoss SOA Platform 5.3", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_soa_platform:5.3", }, }, }, ], category: "product_family", name: "Red Hat JBoss Middleware", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-08-08T17:04:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss SOA Platform\nserver by stopping the JBoss Application Server process before installing\nthis update, and then after installing the update, restart the Red Hat\nJBoss SOA Platform server by starting the JBoss Application Server\nprocess.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1147", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, { acknowledgments: [ { names: [ "Ruby on Rails upstream", ], }, { names: [ "Thomas Hollstegge", ], organization: "Zweitag", summary: "Acknowledged by upstream.", }, { names: [ "Ben Murphy", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2013-0269", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2013-02-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "909029", }, ], notes: [ { category: "description", text: "The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka \"Unsafe Object Creation Vulnerability.\"", title: "Vulnerability description", }, { category: "summary", text: "rubygem-json: Denial of Service and SQL Injection", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite tools ship RubyGem Json 1.4.6 which is earlier than affected 1.5.5 version however, this version of RubyGem is not affected to the flaw. We may update RubyGem in a future release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-0269", }, { category: "external", summary: "RHBZ#909029", url: "https://bugzilla.redhat.com/show_bug.cgi?id=909029", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-0269", url: "https://www.cve.org/CVERecord?id=CVE-2013-0269", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-0269", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-0269", }, { category: "external", summary: "http://www.ruby-lang.org/en/news/2013/02/22/json-dos-cve-2013-0269/", url: "http://www.ruby-lang.org/en/news/2013/02/22/json-dos-cve-2013-0269/", }, ], release_date: "2013-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-08-08T17:04:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss SOA Platform\nserver by stopping the JBoss Application Server process before installing\nthis update, and then after installing the update, restart the Red Hat\nJBoss SOA Platform server by starting the JBoss Application Server\nprocess.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1147", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "rubygem-json: Denial of Service and SQL Injection", }, { cve: "CVE-2013-1821", discovery_date: "2013-02-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "914716", }, ], notes: [ { category: "description", text: "lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.", title: "Vulnerability description", }, { category: "summary", text: "ruby: entity expansion DoS vulnerability in REXML", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-1821", }, { category: "external", summary: "RHBZ#914716", url: "https://bugzilla.redhat.com/show_bug.cgi?id=914716", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-1821", url: "https://www.cve.org/CVERecord?id=CVE-2013-1821", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-1821", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-1821", }, { category: "external", summary: "http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/", url: "http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/", }, ], release_date: "2013-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-08-08T17:04:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss SOA Platform\nserver by stopping the JBoss Application Server process before installing\nthis update, and then after installing the update, restart the Red Hat\nJBoss SOA Platform server by starting the JBoss Application Server\nprocess.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1147", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ruby: entity expansion DoS vulnerability in REXML", }, ], }
rhsa-2013:1006
Vulnerability from csaf_redhat
Published
2013-07-01 15:10
Modified
2025-02-02 19:38
Summary
Red Hat Security Advisory: Red Hat JBoss BRMS 5.3.1 update
Notes
Topic
Red Hat JBoss BRMS 5.3.1 roll up patch 2, which fixes multiple security
issues and various bugs, is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
Red Hat JBoss BRMS is a business rules management system for the
management, storage, creation, modification, and deployment of JBoss Rules.
This roll up patch serves as a cumulative upgrade for Red Hat JBoss BRMS
5.3.1. It includes various bug fixes. The following security
issues are also fixed with this release:
XML encryption backwards compatibility attacks were found against various
frameworks, including Apache CXF. An attacker could force a server to use
insecure, legacy cryptosystems, even when secure cryptosystems were enabled
on endpoints. By forcing the use of legacy cryptosystems, flaws such as
CVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be
recovered from cryptograms and symmetric keys. This issue affected both the
JBoss Web Services CXF (jbossws-cxf) and JBoss Web Services Native
(jbossws-native) stacks. (CVE-2012-5575)
If you are using jbossws-cxf, then automatic checks to prevent this flaw
are only run when WS-SecurityPolicy is used to enforce security
requirements. It is best practice to use WS-SecurityPolicy to enforce
security requirements.
If you are using jbossws-native, the fix for this flaw is implemented by
two new configuration parameters in the 'encryption' element. This element
can be a child of 'requires' in both client and server wsse configuration
descriptors (set on a per-application basis via the application's
jboss-wsse-server.xml and jboss-wsse-client.xml files). The new attributes
are 'algorithms' and 'keyWrapAlgorithms'. These attributes should contain a
blank space or comma separated list of algorithm IDs that are allowed for
the encrypted incoming message, both for encryption and private key
wrapping. For backwards compatibility, no algorithm checks are performed by
default for empty lists or missing attributes.
For example (do not include the line break in your configuration):
encryption algorithms="aes-192-gcm aes-256-gcm"
keyWrapAlgorithms="rsa_oaep"
Specifies that incoming messages are required to be encrypted, and that the
only permitted encryption algorithms are AES-192 and 256 in GCM mode, and
RSA-OAEP only for key wrapping.
Before performing any decryption, the jbossws-native stack will verify that
each algorithm specified in the incoming messages is included in the
allowed algorithms lists from these new encryption element attributes. The
algorithm values to be used for 'algorithms' and 'keyWrapAlgorithms' are
the same as for 'algorithm' and 'keyWrapAlgorithm' in the 'encrypt'
element.
The Jakarta Commons HttpClient component did not verify that the server
hostname matched the domain name in the subject's Common Name (CN) or
subjectAltName field in X.509 certificates. This could allow a
man-in-the-middle attacker to spoof an SSL server if they had a certificate
that was valid for any domain name. (CVE-2012-5783)
Multiple weaknesses were found in the JBoss Web DIGEST authentication
implementation, effectively reducing the security normally provided by
DIGEST authentication. A remote attacker could use these flaws to perform
replay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,
CVE-2012-5887)
Red Hat would like to thank Tibor Jager, Kenneth G. Paterson and Juraj
Somorovsky of Ruhr-University Bochum for reporting CVE-2012-5575.
Warning: Before applying the update, back up your existing Red Hat JBoss
BRMS installation (including its databases, applications, configuration
files, and so on).
All users of Red Hat JBoss BRMS 5.3.1 as provided from the Red Hat Customer
Portal are advised to apply this roll up patch.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss BRMS 5.3.1 roll up patch 2, which fixes multiple security\nissues and various bugs, is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss BRMS is a business rules management system for the\nmanagement, storage, creation, modification, and deployment of JBoss Rules.\n\nThis roll up patch serves as a cumulative upgrade for Red Hat JBoss BRMS\n5.3.1. It includes various bug fixes. The following security\nissues are also fixed with this release:\n\nXML encryption backwards compatibility attacks were found against various\nframeworks, including Apache CXF. An attacker could force a server to use\ninsecure, legacy cryptosystems, even when secure cryptosystems were enabled\non endpoints. By forcing the use of legacy cryptosystems, flaws such as\nCVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be\nrecovered from cryptograms and symmetric keys. This issue affected both the\nJBoss Web Services CXF (jbossws-cxf) and JBoss Web Services Native\n(jbossws-native) stacks. (CVE-2012-5575)\n\nIf you are using jbossws-cxf, then automatic checks to prevent this flaw\nare only run when WS-SecurityPolicy is used to enforce security\nrequirements. It is best practice to use WS-SecurityPolicy to enforce\nsecurity requirements.\n\nIf you are using jbossws-native, the fix for this flaw is implemented by\ntwo new configuration parameters in the 'encryption' element. This element\ncan be a child of 'requires' in both client and server wsse configuration\ndescriptors (set on a per-application basis via the application's\njboss-wsse-server.xml and jboss-wsse-client.xml files). The new attributes\nare 'algorithms' and 'keyWrapAlgorithms'. These attributes should contain a\nblank space or comma separated list of algorithm IDs that are allowed for\nthe encrypted incoming message, both for encryption and private key\nwrapping. For backwards compatibility, no algorithm checks are performed by\ndefault for empty lists or missing attributes.\n\nFor example (do not include the line break in your configuration):\n\nencryption algorithms=\"aes-192-gcm aes-256-gcm\"\nkeyWrapAlgorithms=\"rsa_oaep\"\n\nSpecifies that incoming messages are required to be encrypted, and that the\nonly permitted encryption algorithms are AES-192 and 256 in GCM mode, and\nRSA-OAEP only for key wrapping.\n\nBefore performing any decryption, the jbossws-native stack will verify that\neach algorithm specified in the incoming messages is included in the\nallowed algorithms lists from these new encryption element attributes. The\nalgorithm values to be used for 'algorithms' and 'keyWrapAlgorithms' are\nthe same as for 'algorithm' and 'keyWrapAlgorithm' in the 'encrypt'\nelement.\n\nThe Jakarta Commons HttpClient component did not verify that the server\nhostname matched the domain name in the subject's Common Name (CN) or\nsubjectAltName field in X.509 certificates. This could allow a\nman-in-the-middle attacker to spoof an SSL server if they had a certificate\nthat was valid for any domain name. (CVE-2012-5783)\n\nMultiple weaknesses were found in the JBoss Web DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to perform\nreplay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\nCVE-2012-5887)\n\nRed Hat would like to thank Tibor Jager, Kenneth G. Paterson and Juraj\nSomorovsky of Ruhr-University Bochum for reporting CVE-2012-5575.\n\nWarning: Before applying the update, back up your existing Red Hat JBoss\nBRMS installation (including its databases, applications, configuration\nfiles, and so on).\n\nAll users of Red Hat JBoss BRMS 5.3.1 as provided from the Red Hat Customer\nPortal are advised to apply this roll up patch.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2013:1006", url: "https://access.redhat.com/errata/RHSA-2013:1006", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=brms&downloadType=securityPatches&version=5.3.1", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=brms&downloadType=securityPatches&version=5.3.1", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "873664", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873664", }, { category: "external", summary: "880443", url: "https://bugzilla.redhat.com/show_bug.cgi?id=880443", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_1006.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss BRMS 5.3.1 update", tracking: { current_release_date: "2025-02-02T19:38:27+00:00", generator: { date: "2025-02-02T19:38:27+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.6", }, }, id: "RHSA-2013:1006", initial_release_date: "2013-07-01T15:10:00+00:00", revision_history: [ { date: "2013-07-01T15:10:00+00:00", number: "1", summary: "Initial version", }, { date: "2013-07-01T15:14:03+00:00", number: "2", summary: "Last updated version", }, { date: "2025-02-02T19:38:27+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "JBoss Enterprise BRMS Platform 5.3", product: { name: "JBoss Enterprise BRMS Platform 5.3", product_id: "JBoss Enterprise BRMS Platform 5.3", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_brms_platform:5.3", }, }, }, ], category: "product_family", name: "Red Hat JBoss Middleware", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Tibor Jager", "Kenneth G. Paterson", "Juraj Somorovsky", ], organization: "Ruhr-University Bochum", }, ], cve: "CVE-2012-5575", cwe: { id: "CWE-327", name: "Use of a Broken or Risky Cryptographic Algorithm", }, discovery_date: "2012-11-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "880443", }, ], notes: [ { category: "description", text: "Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka \"XML Encryption backwards compatibility attack.\"", title: "Vulnerability description", }, { category: "summary", text: "apache-cxf: XML encryption backwards compatibility attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JBoss Enterprise BRMS Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5575", }, { category: "external", summary: "RHBZ#880443", url: "https://bugzilla.redhat.com/show_bug.cgi?id=880443", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5575", url: "https://www.cve.org/CVERecord?id=CVE-2012-5575", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5575", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5575", }, { category: "external", summary: "http://cxf.apache.org/cve-2012-5575.html", url: "http://cxf.apache.org/cve-2012-5575.html", }, { category: "external", summary: "http://www.nds.ruhr-uni-bochum.de/research/publications/backwards-compatibility/", url: "http://www.nds.ruhr-uni-bochum.de/research/publications/backwards-compatibility/", }, ], release_date: "2013-03-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-07-01T15:10:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss BRMS installation (including its databases,\napplications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss BRMS server by\nstopping the JBoss Application Server process before installing this\nupdate, and then after installing the update, restart the Red Hat JBoss\nBRMS server by starting the JBoss Application Server process.", product_ids: [ "JBoss Enterprise BRMS Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1006", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 7.8, confidentialityImpact: "COMPLETE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:C/I:N/A:N", version: "2.0", }, products: [ "JBoss Enterprise BRMS Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "apache-cxf: XML encryption backwards compatibility attacks", }, { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JBoss Enterprise BRMS Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-07-01T15:10:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss BRMS installation (including its databases,\napplications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss BRMS server by\nstopping the JBoss Application Server process before installing this\nupdate, and then after installing the update, restart the Red Hat JBoss\nBRMS server by starting the JBoss Application Server process.", product_ids: [ "JBoss Enterprise BRMS Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1006", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "JBoss Enterprise BRMS Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, { cve: "CVE-2012-5885", discovery_date: "2012-11-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873664", }, ], notes: [ { category: "description", text: "The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: three DIGEST authentication implementation issues", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JBoss Enterprise BRMS Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5885", }, { category: "external", summary: "RHBZ#873664", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873664", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5885", url: "https://www.cve.org/CVERecord?id=CVE-2012-5885", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5885", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5885", }, ], release_date: "2012-11-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-07-01T15:10:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss BRMS installation (including its databases,\napplications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss BRMS server by\nstopping the JBoss Application Server process before installing this\nupdate, and then after installing the update, restart the Red Hat JBoss\nBRMS server by starting the JBoss Application Server process.", product_ids: [ "JBoss Enterprise BRMS Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1006", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "JBoss Enterprise BRMS Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat: three DIGEST authentication implementation issues", }, { cve: "CVE-2012-5886", discovery_date: "2012-11-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873664", }, ], notes: [ { category: "description", text: "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: three DIGEST authentication implementation issues", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JBoss Enterprise BRMS Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5886", }, { category: "external", summary: "RHBZ#873664", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873664", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5886", url: "https://www.cve.org/CVERecord?id=CVE-2012-5886", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5886", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5886", }, ], release_date: "2012-11-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-07-01T15:10:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss BRMS installation (including its databases,\napplications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss BRMS server by\nstopping the JBoss Application Server process before installing this\nupdate, and then after installing the update, restart the Red Hat JBoss\nBRMS server by starting the JBoss Application Server process.", product_ids: [ "JBoss Enterprise BRMS Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1006", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "JBoss Enterprise BRMS Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat: three DIGEST authentication implementation issues", }, { cve: "CVE-2012-5887", discovery_date: "2012-11-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873664", }, ], notes: [ { category: "description", text: "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: three DIGEST authentication implementation issues", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JBoss Enterprise BRMS Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5887", }, { category: "external", summary: "RHBZ#873664", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873664", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5887", url: "https://www.cve.org/CVERecord?id=CVE-2012-5887", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5887", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5887", }, ], release_date: "2012-11-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-07-01T15:10:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss BRMS installation (including its databases,\napplications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss BRMS server by\nstopping the JBoss Application Server process before installing this\nupdate, and then after installing the update, restart the Red Hat JBoss\nBRMS server by starting the JBoss Application Server process.", product_ids: [ "JBoss Enterprise BRMS Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1006", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "JBoss Enterprise BRMS Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat: three DIGEST authentication implementation issues", }, ], }
RHSA-2013:0270
Vulnerability from csaf_redhat
Published
2013-02-19 20:40
Modified
2024-11-14 12:14
Summary
Red Hat Security Advisory: jakarta-commons-httpclient security update
Notes
Topic
Updated jakarta-commons-httpclient packages that fix one security issue are
now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Details
The Jakarta Commons HttpClient component can be used to build HTTP-aware
client applications (such as web browsers and web service clients).
The Jakarta Commons HttpClient component did not verify that the server
hostname matched the domain name in the subject's Common Name (CN) or
subjectAltName field in X.509 certificates. This could allow a
man-in-the-middle attacker to spoof an SSL server if they had a certificate
that was valid for any domain name. (CVE-2012-5783)
All users of jakarta-commons-httpclient are advised to upgrade to these
updated packages, which correct this issue. Applications using the Jakarta
Commons HttpClient component must be restarted for this update to take
effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated jakarta-commons-httpclient packages that fix one security issue are\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.", title: "Topic", }, { category: "general", text: "The Jakarta Commons HttpClient component can be used to build HTTP-aware\nclient applications (such as web browsers and web service clients).\n\nThe Jakarta Commons HttpClient component did not verify that the server\nhostname matched the domain name in the subject's Common Name (CN) or\nsubjectAltName field in X.509 certificates. This could allow a\nman-in-the-middle attacker to spoof an SSL server if they had a certificate\nthat was valid for any domain name. (CVE-2012-5783)\n\nAll users of jakarta-commons-httpclient are advised to upgrade to these\nupdated packages, which correct this issue. Applications using the Jakarta\nCommons HttpClient component must be restarted for this update to take\neffect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2013:0270", url: "https://access.redhat.com/errata/RHSA-2013:0270", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0270.json", }, ], title: "Red Hat Security Advisory: jakarta-commons-httpclient security update", tracking: { current_release_date: "2024-11-14T12:14:21+00:00", generator: { date: "2024-11-14T12:14:21+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.0", }, }, id: "RHSA-2013:0270", initial_release_date: "2013-02-19T20:40:00+00:00", revision_history: [ { date: "2013-02-19T20:40:00+00:00", number: "1", summary: "Initial version", }, { date: "2013-02-19T22:20:31+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-14T12:14:21+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux (v. 5 server)", product: { name: "Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:5::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Desktop (v. 6)", product: { name: "Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Desktop Optional (v. 6)", product: { name: "Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux HPC Node (v. 6)", product: { name: "Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::computenode", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux HPC Node Optional (v. 6)", product: { name: "Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::computenode", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server (v. 6)", product: { name: "Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server Optional (v. 6)", product: { name: "Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation (v. 6)", product: { name: "Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::workstation", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation Optional (v. 6)", product: { name: "Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::workstation", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.s390x", product: { name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.s390x", product_id: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-debuginfo@3.0-7jpp.2?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.s390x", product: { name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.s390x", product_id: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-javadoc@3.0-7jpp.2?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.s390x", product: { name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.s390x", product_id: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-demo@3.0-7jpp.2?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.s390x", product: { name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.s390x", product_id: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-manual@3.0-7jpp.2?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.0-7jpp.2.s390x", product: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.s390x", product_id: "jakarta-commons-httpclient-1:3.0-7jpp.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.0-7jpp.2?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", product: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", product_id: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-javadoc@3.1-0.7.el6_3?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", product: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", product_id: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-manual@3.1-0.7.el6_3?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", product: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", product_id: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-debuginfo@3.1-0.7.el6_3?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", product: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", product_id: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-demo@3.1-0.7.el6_3?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", product: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", product_id: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-0.7.el6_3?arch=s390x&epoch=1", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ia64", product: { name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ia64", product_id: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-debuginfo@3.0-7jpp.2?arch=ia64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ia64", product: { name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ia64", product_id: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-javadoc@3.0-7jpp.2?arch=ia64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ia64", product: { name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ia64", product_id: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-demo@3.0-7jpp.2?arch=ia64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ia64", product: { name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ia64", product_id: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-manual@3.0-7jpp.2?arch=ia64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.0-7jpp.2.ia64", product: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.ia64", product_id: "jakarta-commons-httpclient-1:3.0-7jpp.2.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.0-7jpp.2?arch=ia64&epoch=1", }, }, }, ], category: "architecture", name: "ia64", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.x86_64", product: { name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.x86_64", product_id: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-debuginfo@3.0-7jpp.2?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.x86_64", product: { name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.x86_64", product_id: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-javadoc@3.0-7jpp.2?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.x86_64", product: { name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.x86_64", product_id: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-demo@3.0-7jpp.2?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.x86_64", product: { name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.x86_64", product_id: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-manual@3.0-7jpp.2?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.0-7jpp.2.x86_64", product: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.x86_64", product_id: "jakarta-commons-httpclient-1:3.0-7jpp.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.0-7jpp.2?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", product: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", product_id: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-debuginfo@3.1-0.7.el6_3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", product: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", product_id: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-0.7.el6_3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", product: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", product_id: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-javadoc@3.1-0.7.el6_3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", product: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", product_id: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-manual@3.1-0.7.el6_3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", product: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", product_id: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-demo@3.1-0.7.el6_3?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ppc", product: { name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ppc", product_id: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-debuginfo@3.0-7jpp.2?arch=ppc&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ppc", product: { name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ppc", product_id: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-javadoc@3.0-7jpp.2?arch=ppc&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ppc", product: { name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ppc", product_id: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-demo@3.0-7jpp.2?arch=ppc&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ppc", product: { name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ppc", product_id: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-manual@3.0-7jpp.2?arch=ppc&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.0-7jpp.2.ppc", product: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.ppc", product_id: "jakarta-commons-httpclient-1:3.0-7jpp.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.0-7jpp.2?arch=ppc&epoch=1", }, }, }, ], category: "architecture", name: "ppc", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.i386", product: { name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.i386", product_id: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-debuginfo@3.0-7jpp.2?arch=i386&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.i386", product: { name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.i386", product_id: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-javadoc@3.0-7jpp.2?arch=i386&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.i386", product: { name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.i386", product_id: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-demo@3.0-7jpp.2?arch=i386&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.i386", product: { name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.i386", product_id: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-manual@3.0-7jpp.2?arch=i386&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.0-7jpp.2.i386", product: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.i386", product_id: "jakarta-commons-httpclient-1:3.0-7jpp.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.0-7jpp.2?arch=i386&epoch=1", }, }, }, ], category: "architecture", name: "i386", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-1:3.0-7jpp.2.src", product: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.src", product_id: "jakarta-commons-httpclient-1:3.0-7jpp.2.src", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.0-7jpp.2?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", product: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", product_id: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-0.7.el6_3?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", product: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", product_id: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-debuginfo@3.1-0.7.el6_3?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", product: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", product_id: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-0.7.el6_3?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", product: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", product_id: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-javadoc@3.1-0.7.el6_3?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", product: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", product_id: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-manual@3.1-0.7.el6_3?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", product: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", product_id: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-demo@3.1-0.7.el6_3?arch=i686&epoch=1", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", product: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", product_id: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-javadoc@3.1-0.7.el6_3?arch=ppc64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", product: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", product_id: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-manual@3.1-0.7.el6_3?arch=ppc64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", product: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", product_id: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-debuginfo@3.1-0.7.el6_3?arch=ppc64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", product: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", product_id: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-demo@3.1-0.7.el6_3?arch=ppc64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", product: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", product_id: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-0.7.el6_3?arch=ppc64&epoch=1", }, }, }, ], category: "architecture", name: "ppc64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.i386", }, product_reference: "jakarta-commons-httpclient-1:3.0-7jpp.2.i386", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.ia64", }, product_reference: "jakarta-commons-httpclient-1:3.0-7jpp.2.ia64", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.ppc", }, product_reference: "jakarta-commons-httpclient-1:3.0-7jpp.2.ppc", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.s390x", }, product_reference: "jakarta-commons-httpclient-1:3.0-7jpp.2.s390x", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.src as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.src", }, product_reference: "jakarta-commons-httpclient-1:3.0-7jpp.2.src", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.x86_64", }, product_reference: "jakarta-commons-httpclient-1:3.0-7jpp.2.x86_64", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.i386", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.i386", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ia64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ia64", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ppc", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ppc", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.s390x", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.s390x", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.x86_64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.x86_64", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.i386", }, product_reference: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.i386", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ia64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ia64", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ppc", }, product_reference: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ppc", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.s390x", }, product_reference: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.s390x", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.x86_64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.x86_64", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.i386", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.i386", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ia64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ia64", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ppc", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ppc", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.s390x", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.s390x", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.x86_64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.x86_64", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.i386", }, product_reference: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.i386", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ia64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ia64", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ppc", }, product_reference: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ppc", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.s390x", }, product_reference: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.s390x", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.x86_64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.x86_64", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Workstation-optional-6.3.z", }, ], }, vulnerabilities: [ { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.src", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-02-19T20:40:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", product_ids: [ "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.src", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:0270", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.src", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, ], }
RHSA-2013:0682
Vulnerability from csaf_redhat
Published
2013-03-25 17:05
Modified
2024-11-14 12:15
Summary
Red Hat Security Advisory: jakarta-commons-httpclient security update
Notes
Topic
An updated jakarta-commons-httpclient package for JBoss Enterprise Web
Platform 5.2.0 which fixes one security issue is now available for
Red Hat Enterprise Linux 4, 5, and 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Details
The Jakarta Commons HttpClient component can be used to build HTTP-aware
client applications (such as web browsers and web service clients).
The Jakarta Commons HttpClient component did not verify that the server
hostname matched the domain name in the subject's Common Name (CN) or
subjectAltName field in X.509 certificates. This could allow a
man-in-the-middle attacker to spoof an SSL server if they had a certificate
that was valid for any domain name. (CVE-2012-5783)
Warning: Before applying this update, back up your existing JBoss
Enterprise Web Platform installation (including all applications and
configuration files).
All users of JBoss Enterprise Web Platform 5.2.0 on Red Hat Enterprise
Linux 4, 5, and 6 are advised to upgrade to this updated package. The JBoss
server process must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An updated jakarta-commons-httpclient package for JBoss Enterprise Web\nPlatform 5.2.0 which fixes one security issue is now available for\nRed Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.", title: "Topic", }, { category: "general", text: "The Jakarta Commons HttpClient component can be used to build HTTP-aware\nclient applications (such as web browsers and web service clients).\n\nThe Jakarta Commons HttpClient component did not verify that the server\nhostname matched the domain name in the subject's Common Name (CN) or\nsubjectAltName field in X.509 certificates. This could allow a\nman-in-the-middle attacker to spoof an SSL server if they had a certificate\nthat was valid for any domain name. (CVE-2012-5783)\n\nWarning: Before applying this update, back up your existing JBoss\nEnterprise Web Platform installation (including all applications and\nconfiguration files).\n\nAll users of JBoss Enterprise Web Platform 5.2.0 on Red Hat Enterprise\nLinux 4, 5, and 6 are advised to upgrade to this updated package. The JBoss\nserver process must be restarted for the update to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2013:0682", url: "https://access.redhat.com/errata/RHSA-2013:0682", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0682.json", }, ], title: "Red Hat Security Advisory: jakarta-commons-httpclient security update", tracking: { current_release_date: "2024-11-14T12:15:10+00:00", generator: { date: "2024-11-14T12:15:10+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.0", }, }, id: "RHSA-2013:0682", initial_release_date: "2013-03-25T17:05:00+00:00", revision_history: [ { date: "2013-03-25T17:05:00+00:00", number: "1", summary: "Initial version", }, { date: "2013-03-25T17:14:40+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-14T12:15:10+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Platform 5 for RHEL 4 AS", product: { name: "Red Hat JBoss Web Platform 5 for RHEL 4 AS", product_id: "4AS-JBEWP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_platform:5::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Web Platform 5 for RHEL 4 ES", product: { name: "Red Hat JBoss Web Platform 5 for RHEL 4 ES", product_id: "4ES-JBEWP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_platform:5::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Web Platform 5 for RHEL 5 Server", product: { name: "Red Hat JBoss Web Platform 5 for RHEL 5 Server", product_id: "5Server-JBEWP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_platform:5::el5", }, }, }, { category: "product_name", name: "Red Hat JBoss Web Platform 5 for RHEL 6 Server", product: { name: "Red Hat JBoss Web Platform 5 for RHEL 6 Server", product_id: "6Server-JBEWP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_platform:5::el6", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Platform", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", product: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", product_id: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2.1_patch_01.ep5.el4?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", product: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", product_id: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2.1_patch_01.ep5.el5?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", product: { name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", product_id: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2_patch_01.ep5.el6?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", product: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", product_id: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2.1_patch_01.ep5.el4?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", product: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", product_id: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2.1_patch_01.ep5.el5?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", product: { name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", product_id: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2_patch_01.ep5.el6?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 4 AS", product_id: "4AS-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", relates_to_product_reference: "4AS-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src as a component of Red Hat JBoss Web Platform 5 for RHEL 4 AS", product_id: "4AS-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", relates_to_product_reference: "4AS-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 4 ES", product_id: "4ES-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", relates_to_product_reference: "4ES-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src as a component of Red Hat JBoss Web Platform 5 for RHEL 4 ES", product_id: "4ES-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", relates_to_product_reference: "4ES-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 5 Server", product_id: "5Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", relates_to_product_reference: "5Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src as a component of Red Hat JBoss Web Platform 5 for RHEL 5 Server", product_id: "5Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", relates_to_product_reference: "5Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 6 Server", product_id: "6Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", }, product_reference: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", relates_to_product_reference: "6Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src as a component of Red Hat JBoss Web Platform 5 for RHEL 6 Server", product_id: "6Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", relates_to_product_reference: "6Server-JBEWP-5", }, ], }, vulnerabilities: [ { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "4AS-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", "4AS-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", "4ES-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", "4ES-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", "5Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", "6Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", "6Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", ], known_not_affected: [ "4AS-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", "4AS-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", "4ES-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", "4ES-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-03-25T17:05:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", product_ids: [ "5Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", "5Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", "6Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", "6Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:0682", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "5Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", "5Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", "6Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", "6Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, ], }
rhsa-2017_0868
Vulnerability from csaf_redhat
Published
2017-04-03 21:02
Modified
2024-11-22 10:51
Summary
Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R2 security and bug fix update
Notes
Topic
An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications.
This patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. It includes bug fixes and enhancements, which are documented in the readme.txt file included with the patch files.
Security Fix(es):
* It was reported that Elasticsearch had vulnerabilities in the Groovy scripting engine, which allow an attacker to construct scripts that escape the sandbox and execute shell commands as the user running the Elasticsearch Java VM. (CVE-2015-1427)
* It was found that a flaw in Apache groovy library allows remote code execution wherever deserialization occurs in the application. It is possible for an attacker to craft a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects are subject to this vulnerability. (CVE-2016-6814)
* It was found that Apache Commons HttpClient does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. (CVE-2012-5783)
* It was found that swagger-ui contains a cross site scripting (XSS) vulnerability in the key names in the JSON document. An attacker could use this flaw to supply a key name with script tags which could cause arbitrary code execution. Additionally it is possible to load the arbitrary JSON files remotely via the URL query-string parameter. (CVE-2016-1000229)
* A vulnerability was found in FormattedServiceListWriter in Apache CXF HTTP transport module that could allow an attacker to inject unexpected matrix parameters into the request URL. On a successful injection these matrix parameters will find their way back to the client in the services list page which represents an XSS risk to the client. (CVE-2016-6812)
* Apache CXF JAX-RS implementation provides a number of Atom MessageBodyReaders. These readers use Apache Abdera Parser to parse Atom feeds or Entries, with this Parser expanding XML entities by default. It was found that this represents a major XXE risk. (CVE-2016-8739)
* A path traversal issue was found in Spark version 2.5 and potentially earlier versions. The vulnerability resides in the functionality to serve static files where there's no protection against directory traversal attacks. This could allow attackers access to private files including sensitive data. (CVE-2016-9177)
* It was found that the camel-snakeyaml component is exploitable for code execution. An attacker could use this vulnerability to send specially crafted payload to a camel-snakeyaml endpoint and causing a remote code execution attack. (CVE-2017-3159)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications.\n\nThis patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. It includes bug fixes and enhancements, which are documented in the readme.txt file included with the patch files.\n\nSecurity Fix(es):\n\n* It was reported that Elasticsearch had vulnerabilities in the Groovy scripting engine, which allow an attacker to construct scripts that escape the sandbox and execute shell commands as the user running the Elasticsearch Java VM. (CVE-2015-1427)\n\n* It was found that a flaw in Apache groovy library allows remote code execution wherever deserialization occurs in the application. It is possible for an attacker to craft a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects are subject to this vulnerability. (CVE-2016-6814)\n\n* It was found that Apache Commons HttpClient does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. (CVE-2012-5783)\n\n* It was found that swagger-ui contains a cross site scripting (XSS) vulnerability in the key names in the JSON document. An attacker could use this flaw to supply a key name with script tags which could cause arbitrary code execution. Additionally it is possible to load the arbitrary JSON files remotely via the URL query-string parameter. (CVE-2016-1000229)\n\n* A vulnerability was found in FormattedServiceListWriter in Apache CXF HTTP transport module that could allow an attacker to inject unexpected matrix parameters into the request URL. On a successful injection these matrix parameters will find their way back to the client in the services list page which represents an XSS risk to the client. (CVE-2016-6812)\n\n* Apache CXF JAX-RS implementation provides a number of Atom MessageBodyReaders. These readers use Apache Abdera Parser to parse Atom feeds or Entries, with this Parser expanding XML entities by default. It was found that this represents a major XXE risk. (CVE-2016-8739)\n\n* A path traversal issue was found in Spark version 2.5 and potentially earlier versions. The vulnerability resides in the functionality to serve static files where there's no protection against directory traversal attacks. This could allow attackers access to private files including sensitive data. (CVE-2016-9177)\n\n* It was found that the camel-snakeyaml component is exploitable for code execution. An attacker could use this vulnerability to send specially crafted payload to a camel-snakeyaml endpoint and causing a remote code execution attack. (CVE-2017-3159)", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2017:0868", url: "https://access.redhat.com/errata/RHSA-2017:0868", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=jboss.fuse&version=6.3", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=jboss.fuse&version=6.3", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=jboss.amq.broker&version=6.3.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=jboss.amq.broker&version=6.3.0", }, { category: "external", summary: "https://access.redhat.com/documentation/en/red-hat-jboss-fuse/", url: "https://access.redhat.com/documentation/en/red-hat-jboss-fuse/", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "1191969", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1191969", }, { category: "external", summary: "1360275", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1360275", }, { category: "external", summary: "1393607", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1393607", }, { category: "external", summary: "1406810", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1406810", }, { category: "external", summary: "1406811", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1406811", }, { category: "external", summary: "1413466", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1413466", }, { category: "external", summary: "1420834", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1420834", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_0868.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R2 security and bug fix update", tracking: { current_release_date: "2024-11-22T10:51:39+00:00", generator: { date: "2024-11-22T10:51:39+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2017:0868", initial_release_date: "2017-04-03T21:02:28+00:00", revision_history: [ { date: "2017-04-03T21:02:28+00:00", number: "1", summary: "Initial version", }, { date: "2018-07-02T15:51:20+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T10:51:39+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss A-MQ 6.3", product: { name: "Red Hat JBoss A-MQ 6.3", product_id: "Red Hat JBoss A-MQ 6.3", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_amq:6.3", }, }, }, { category: "product_name", name: "Red Hat JBoss Fuse 6.3", product: { name: "Red Hat JBoss Fuse 6.3", product_id: "Red Hat JBoss Fuse 6.3", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_fuse:6.3", }, }, }, ], category: "product_family", name: "Red Hat JBoss Fuse", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-03T21:02:28+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0868", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, { cve: "CVE-2015-1427", discovery_date: "2015-02-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1191969", }, ], notes: [ { category: "description", text: "It was reported that Elasticsearch versions 1.3.0-1.3.7 and 1.4.0-1.4.2 have vulnerabilities in the Groovy scripting engine. The vulnerability allows an attacker to construct Groovy scripts that escape the sandbox and execute shell commands as the user running the Elasticsearch Java VM.", title: "Vulnerability description", }, { category: "summary", text: "elasticsearch: remote code execution via Groovy sandbox bypass", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-1427", }, { category: "external", summary: "RHBZ#1191969", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1191969", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-1427", url: "https://www.cve.org/CVERecord?id=CVE-2015-1427", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-1427", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-1427", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2015-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-03T21:02:28+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0868", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "exploit_status", date: "2022-03-25T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "elasticsearch: remote code execution via Groovy sandbox bypass", }, { cve: "CVE-2015-7559", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2015-07-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1293972", }, ], notes: [ { category: "description", text: "It was found that the Apache ActiveMQ client exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.", title: "Vulnerability description", }, { category: "summary", text: "ActiveMQ: DoS in client via shutdown command", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7559", }, { category: "external", summary: "RHBZ#1293972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1293972", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7559", url: "https://www.cve.org/CVERecord?id=CVE-2015-7559", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7559", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7559", }, ], release_date: "2017-04-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-03T21:02:28+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0868", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 2.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ActiveMQ: DoS in client via shutdown command", }, { cve: "CVE-2016-6812", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2016-12-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1406810", }, ], notes: [ { category: "description", text: "A vulnerability was found in FormattedServiceListWriter in Apache CXF HTTP transport module that could allow an attacker to inject unexpected matrix parameters into the request URL. On a successful injection these matrix parameters will find their way back to the client in the services list page which represents an XSS risk to the client.", title: "Vulnerability description", }, { category: "summary", text: "apache-cxf: XSS in Apache CXF FormattedServiceListWriter", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-6812", }, { category: "external", summary: "RHBZ#1406810", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1406810", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-6812", url: "https://www.cve.org/CVERecord?id=CVE-2016-6812", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-6812", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-6812", }, { category: "external", summary: "http://cxf.apache.org/security-advisories.data/CVE-2016-6812.txt.asc?version=1&modificationDate=1482164360602&api=v2", url: "http://cxf.apache.org/security-advisories.data/CVE-2016-6812.txt.asc?version=1&modificationDate=1482164360602&api=v2", }, ], release_date: "2016-12-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-03T21:02:28+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0868", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-cxf: XSS in Apache CXF FormattedServiceListWriter", }, { cve: "CVE-2016-6814", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2017-01-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1413466", }, ], notes: [ { category: "description", text: "It was found that a flaw in Apache groovy library allows remote code execution wherever deserialization occurs in the application. It is possible for an attacker to craft a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects are subject to this vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "Groovy: Remote code execution via deserialization", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of groovy as shipped with Red Hat Satellite 6.0 and 6.1. Red Hat Satellite 6.2 and later do not ship groovy, as such they are not affected by this vulnerability.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-6814", }, { category: "external", summary: "RHBZ#1413466", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1413466", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-6814", url: "https://www.cve.org/CVERecord?id=CVE-2016-6814", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-6814", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-6814", }, ], release_date: "2017-01-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-03T21:02:28+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0868", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Groovy: Remote code execution via deserialization", }, { cve: "CVE-2016-8739", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, discovery_date: "2016-12-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1406811", }, ], notes: [ { category: "description", text: "Apache CXF JAX-RS implementation provides a number of Atom MessageBodyReaders. These readers use Apache Abdera Parser to parse Atom feeds or Entries, with this Parser expanding XML entities by default. It was found that this represents a major XXE risk.", title: "Vulnerability description", }, { category: "summary", text: "apache-cxf: Atom entity provider of Apache CXF JAX-RS is vulnerable to XXE", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8739", }, { category: "external", summary: "RHBZ#1406811", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1406811", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8739", url: "https://www.cve.org/CVERecord?id=CVE-2016-8739", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8739", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8739", }, { category: "external", summary: "http://cxf.apache.org/security-advisories.data/CVE-2016-8739.txt.asc?version=1&modificationDate=1482164360575&api=v2", url: "http://cxf.apache.org/security-advisories.data/CVE-2016-8739.txt.asc?version=1&modificationDate=1482164360575&api=v2", }, ], release_date: "2016-12-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-03T21:02:28+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0868", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-cxf: Atom entity provider of Apache CXF JAX-RS is vulnerable to XXE", }, { cve: "CVE-2016-9177", discovery_date: "2016-11-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1393607", }, ], notes: [ { category: "description", text: "A path traversal issue was found in Spark version 2.5 and potentially earlier versions. The vulnerability resides in the functionality to serve static files where there's no protection against directory traversal attacks. This could allow attackers access to private files including sensitive data.", title: "Vulnerability description", }, { category: "summary", text: "Spark: Directory traversal vulnerability in version 2.5", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-9177", }, { category: "external", summary: "RHBZ#1393607", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1393607", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-9177", url: "https://www.cve.org/CVERecord?id=CVE-2016-9177", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-9177", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-9177", }, { category: "external", summary: "http://seclists.org/fulldisclosure/2016/Nov/13", url: "http://seclists.org/fulldisclosure/2016/Nov/13", }, ], release_date: "2016-11-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-03T21:02:28+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0868", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Spark: Directory traversal vulnerability in version 2.5", }, { cve: "CVE-2016-1000229", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2016-07-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1360275", }, ], notes: [ { category: "description", text: "It was found that swagger-ui contains a cross site scripting (XSS) vulnerability in the key names in the JSON document. An attacker could use this flaw to supply a key name with script tags which could cause arbitrary code execution. Additionally it is possible to load the arbitrary JSON files remotely via the URL query-string parameter.", title: "Vulnerability description", }, { category: "summary", text: "swagger-ui: cross-site scripting in key names", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-1000229", }, { category: "external", summary: "RHBZ#1360275", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1360275", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-1000229", url: "https://www.cve.org/CVERecord?id=CVE-2016-1000229", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-1000229", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-1000229", }, { category: "external", summary: "https://nodesecurity.io/advisories/126", url: "https://nodesecurity.io/advisories/126", }, ], release_date: "2016-07-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-03T21:02:28+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0868", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "swagger-ui: cross-site scripting in key names", }, { cve: "CVE-2017-3159", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2017-02-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1420834", }, ], notes: [ { category: "description", text: "It was found that the camel-snakeyaml component is exploitable for code execution. An attacker could use this vulnerability to send specially crafted payload to a camel-snakeyaml endpoint and causing a remote code execution attack.", title: "Vulnerability description", }, { category: "summary", text: "camel-snakeyaml: Unmarshalling operation is vulnerable to RCE", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3159", }, { category: "external", summary: "RHBZ#1420834", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1420834", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3159", url: "https://www.cve.org/CVERecord?id=CVE-2017-3159", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3159", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3159", }, { category: "external", summary: "http://camel.apache.org/security-advisories.data/CVE-2017-3159.txt.asc", url: "http://camel.apache.org/security-advisories.data/CVE-2017-3159.txt.asc", }, ], release_date: "2016-12-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-03T21:02:28+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0868", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "camel-snakeyaml: Unmarshalling operation is vulnerable to RCE", }, ], }
rhsa-2013_0679
Vulnerability from csaf_redhat
Published
2013-03-25 17:03
Modified
2024-11-14 12:14
Summary
Red Hat Security Advisory: jakarta-commons-httpclient security update
Notes
Topic
An update for JBoss Enterprise Application Platform 5.2.0 which fixes one
security issue is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Details
The Jakarta Commons HttpClient component can be used to build HTTP-aware
client applications (such as web browsers and web service clients).
The Jakarta Commons HttpClient component did not verify that the server
hostname matched the domain name in the subject's Common Name (CN) or
subjectAltName field in X.509 certificates. This could allow a
man-in-the-middle attacker to spoof an SSL server if they had a certificate
that was valid for any domain name. (CVE-2012-5783)
Warning: Before applying this update, back up your existing JBoss
Enterprise Application Platform installation (including all applications
and configuration files).
All users of JBoss Enterprise Application Platform 5.2.0 as provided from
the Red Hat Customer Portal are advised to apply this update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for JBoss Enterprise Application Platform 5.2.0 which fixes one\nsecurity issue is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.", title: "Topic", }, { category: "general", text: "The Jakarta Commons HttpClient component can be used to build HTTP-aware\nclient applications (such as web browsers and web service clients).\n\nThe Jakarta Commons HttpClient component did not verify that the server\nhostname matched the domain name in the subject's Common Name (CN) or\nsubjectAltName field in X.509 certificates. This could allow a\nman-in-the-middle attacker to spoof an SSL server if they had a certificate\nthat was valid for any domain name. (CVE-2012-5783)\n\nWarning: Before applying this update, back up your existing JBoss\nEnterprise Application Platform installation (including all applications\nand configuration files).\n\nAll users of JBoss Enterprise Application Platform 5.2.0 as provided from\nthe Red Hat Customer Portal are advised to apply this update.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2013:0679", url: "https://access.redhat.com/errata/RHSA-2013:0679", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=5.2.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=5.2.0", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0679.json", }, ], title: "Red Hat Security Advisory: jakarta-commons-httpclient security update", tracking: { current_release_date: "2024-11-14T12:14:58+00:00", generator: { date: "2024-11-14T12:14:58+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.0", }, }, id: "RHSA-2013:0679", initial_release_date: "2013-03-25T17:03:00+00:00", revision_history: [ { date: "2013-03-25T17:03:00+00:00", number: "1", summary: "Initial version", }, { date: "2019-02-20T12:46:08+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-14T12:14:58+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 5.2", product: { name: "Red Hat JBoss Enterprise Application Platform 5.2", product_id: "Red Hat JBoss Enterprise Application Platform 5.2", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:5.2.0", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 5.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-03-25T17:03:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Application Platform installation (including all\napplications and configuration files).\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Enterprise Application Platform 5.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:0679", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Enterprise Application Platform 5.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, ], }
RHSA-2013:1006
Vulnerability from csaf_redhat
Published
2013-07-01 15:10
Modified
2025-02-02 19:38
Summary
Red Hat Security Advisory: Red Hat JBoss BRMS 5.3.1 update
Notes
Topic
Red Hat JBoss BRMS 5.3.1 roll up patch 2, which fixes multiple security
issues and various bugs, is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
Red Hat JBoss BRMS is a business rules management system for the
management, storage, creation, modification, and deployment of JBoss Rules.
This roll up patch serves as a cumulative upgrade for Red Hat JBoss BRMS
5.3.1. It includes various bug fixes. The following security
issues are also fixed with this release:
XML encryption backwards compatibility attacks were found against various
frameworks, including Apache CXF. An attacker could force a server to use
insecure, legacy cryptosystems, even when secure cryptosystems were enabled
on endpoints. By forcing the use of legacy cryptosystems, flaws such as
CVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be
recovered from cryptograms and symmetric keys. This issue affected both the
JBoss Web Services CXF (jbossws-cxf) and JBoss Web Services Native
(jbossws-native) stacks. (CVE-2012-5575)
If you are using jbossws-cxf, then automatic checks to prevent this flaw
are only run when WS-SecurityPolicy is used to enforce security
requirements. It is best practice to use WS-SecurityPolicy to enforce
security requirements.
If you are using jbossws-native, the fix for this flaw is implemented by
two new configuration parameters in the 'encryption' element. This element
can be a child of 'requires' in both client and server wsse configuration
descriptors (set on a per-application basis via the application's
jboss-wsse-server.xml and jboss-wsse-client.xml files). The new attributes
are 'algorithms' and 'keyWrapAlgorithms'. These attributes should contain a
blank space or comma separated list of algorithm IDs that are allowed for
the encrypted incoming message, both for encryption and private key
wrapping. For backwards compatibility, no algorithm checks are performed by
default for empty lists or missing attributes.
For example (do not include the line break in your configuration):
encryption algorithms="aes-192-gcm aes-256-gcm"
keyWrapAlgorithms="rsa_oaep"
Specifies that incoming messages are required to be encrypted, and that the
only permitted encryption algorithms are AES-192 and 256 in GCM mode, and
RSA-OAEP only for key wrapping.
Before performing any decryption, the jbossws-native stack will verify that
each algorithm specified in the incoming messages is included in the
allowed algorithms lists from these new encryption element attributes. The
algorithm values to be used for 'algorithms' and 'keyWrapAlgorithms' are
the same as for 'algorithm' and 'keyWrapAlgorithm' in the 'encrypt'
element.
The Jakarta Commons HttpClient component did not verify that the server
hostname matched the domain name in the subject's Common Name (CN) or
subjectAltName field in X.509 certificates. This could allow a
man-in-the-middle attacker to spoof an SSL server if they had a certificate
that was valid for any domain name. (CVE-2012-5783)
Multiple weaknesses were found in the JBoss Web DIGEST authentication
implementation, effectively reducing the security normally provided by
DIGEST authentication. A remote attacker could use these flaws to perform
replay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,
CVE-2012-5887)
Red Hat would like to thank Tibor Jager, Kenneth G. Paterson and Juraj
Somorovsky of Ruhr-University Bochum for reporting CVE-2012-5575.
Warning: Before applying the update, back up your existing Red Hat JBoss
BRMS installation (including its databases, applications, configuration
files, and so on).
All users of Red Hat JBoss BRMS 5.3.1 as provided from the Red Hat Customer
Portal are advised to apply this roll up patch.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss BRMS 5.3.1 roll up patch 2, which fixes multiple security\nissues and various bugs, is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss BRMS is a business rules management system for the\nmanagement, storage, creation, modification, and deployment of JBoss Rules.\n\nThis roll up patch serves as a cumulative upgrade for Red Hat JBoss BRMS\n5.3.1. It includes various bug fixes. The following security\nissues are also fixed with this release:\n\nXML encryption backwards compatibility attacks were found against various\nframeworks, including Apache CXF. An attacker could force a server to use\ninsecure, legacy cryptosystems, even when secure cryptosystems were enabled\non endpoints. By forcing the use of legacy cryptosystems, flaws such as\nCVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be\nrecovered from cryptograms and symmetric keys. This issue affected both the\nJBoss Web Services CXF (jbossws-cxf) and JBoss Web Services Native\n(jbossws-native) stacks. (CVE-2012-5575)\n\nIf you are using jbossws-cxf, then automatic checks to prevent this flaw\nare only run when WS-SecurityPolicy is used to enforce security\nrequirements. It is best practice to use WS-SecurityPolicy to enforce\nsecurity requirements.\n\nIf you are using jbossws-native, the fix for this flaw is implemented by\ntwo new configuration parameters in the 'encryption' element. This element\ncan be a child of 'requires' in both client and server wsse configuration\ndescriptors (set on a per-application basis via the application's\njboss-wsse-server.xml and jboss-wsse-client.xml files). The new attributes\nare 'algorithms' and 'keyWrapAlgorithms'. These attributes should contain a\nblank space or comma separated list of algorithm IDs that are allowed for\nthe encrypted incoming message, both for encryption and private key\nwrapping. For backwards compatibility, no algorithm checks are performed by\ndefault for empty lists or missing attributes.\n\nFor example (do not include the line break in your configuration):\n\nencryption algorithms=\"aes-192-gcm aes-256-gcm\"\nkeyWrapAlgorithms=\"rsa_oaep\"\n\nSpecifies that incoming messages are required to be encrypted, and that the\nonly permitted encryption algorithms are AES-192 and 256 in GCM mode, and\nRSA-OAEP only for key wrapping.\n\nBefore performing any decryption, the jbossws-native stack will verify that\neach algorithm specified in the incoming messages is included in the\nallowed algorithms lists from these new encryption element attributes. The\nalgorithm values to be used for 'algorithms' and 'keyWrapAlgorithms' are\nthe same as for 'algorithm' and 'keyWrapAlgorithm' in the 'encrypt'\nelement.\n\nThe Jakarta Commons HttpClient component did not verify that the server\nhostname matched the domain name in the subject's Common Name (CN) or\nsubjectAltName field in X.509 certificates. This could allow a\nman-in-the-middle attacker to spoof an SSL server if they had a certificate\nthat was valid for any domain name. (CVE-2012-5783)\n\nMultiple weaknesses were found in the JBoss Web DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to perform\nreplay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\nCVE-2012-5887)\n\nRed Hat would like to thank Tibor Jager, Kenneth G. Paterson and Juraj\nSomorovsky of Ruhr-University Bochum for reporting CVE-2012-5575.\n\nWarning: Before applying the update, back up your existing Red Hat JBoss\nBRMS installation (including its databases, applications, configuration\nfiles, and so on).\n\nAll users of Red Hat JBoss BRMS 5.3.1 as provided from the Red Hat Customer\nPortal are advised to apply this roll up patch.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2013:1006", url: "https://access.redhat.com/errata/RHSA-2013:1006", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=brms&downloadType=securityPatches&version=5.3.1", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=brms&downloadType=securityPatches&version=5.3.1", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "873664", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873664", }, { category: "external", summary: "880443", url: "https://bugzilla.redhat.com/show_bug.cgi?id=880443", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_1006.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss BRMS 5.3.1 update", tracking: { current_release_date: "2025-02-02T19:38:27+00:00", generator: { date: "2025-02-02T19:38:27+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.6", }, }, id: "RHSA-2013:1006", initial_release_date: "2013-07-01T15:10:00+00:00", revision_history: [ { date: "2013-07-01T15:10:00+00:00", number: "1", summary: "Initial version", }, { date: "2013-07-01T15:14:03+00:00", number: "2", summary: "Last updated version", }, { date: "2025-02-02T19:38:27+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "JBoss Enterprise BRMS Platform 5.3", product: { name: "JBoss Enterprise BRMS Platform 5.3", product_id: "JBoss Enterprise BRMS Platform 5.3", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_brms_platform:5.3", }, }, }, ], category: "product_family", name: "Red Hat JBoss Middleware", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Tibor Jager", "Kenneth G. Paterson", "Juraj Somorovsky", ], organization: "Ruhr-University Bochum", }, ], cve: "CVE-2012-5575", cwe: { id: "CWE-327", name: "Use of a Broken or Risky Cryptographic Algorithm", }, discovery_date: "2012-11-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "880443", }, ], notes: [ { category: "description", text: "Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka \"XML Encryption backwards compatibility attack.\"", title: "Vulnerability description", }, { category: "summary", text: "apache-cxf: XML encryption backwards compatibility attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JBoss Enterprise BRMS Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5575", }, { category: "external", summary: "RHBZ#880443", url: "https://bugzilla.redhat.com/show_bug.cgi?id=880443", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5575", url: "https://www.cve.org/CVERecord?id=CVE-2012-5575", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5575", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5575", }, { category: "external", summary: "http://cxf.apache.org/cve-2012-5575.html", url: "http://cxf.apache.org/cve-2012-5575.html", }, { category: "external", summary: "http://www.nds.ruhr-uni-bochum.de/research/publications/backwards-compatibility/", url: "http://www.nds.ruhr-uni-bochum.de/research/publications/backwards-compatibility/", }, ], release_date: "2013-03-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-07-01T15:10:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss BRMS installation (including its databases,\napplications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss BRMS server by\nstopping the JBoss Application Server process before installing this\nupdate, and then after installing the update, restart the Red Hat JBoss\nBRMS server by starting the JBoss Application Server process.", product_ids: [ "JBoss Enterprise BRMS Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1006", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 7.8, confidentialityImpact: "COMPLETE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:C/I:N/A:N", version: "2.0", }, products: [ "JBoss Enterprise BRMS Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "apache-cxf: XML encryption backwards compatibility attacks", }, { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JBoss Enterprise BRMS Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-07-01T15:10:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss BRMS installation (including its databases,\napplications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss BRMS server by\nstopping the JBoss Application Server process before installing this\nupdate, and then after installing the update, restart the Red Hat JBoss\nBRMS server by starting the JBoss Application Server process.", product_ids: [ "JBoss Enterprise BRMS Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1006", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "JBoss Enterprise BRMS Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, { cve: "CVE-2012-5885", discovery_date: "2012-11-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873664", }, ], notes: [ { category: "description", text: "The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: three DIGEST authentication implementation issues", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JBoss Enterprise BRMS Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5885", }, { category: "external", summary: "RHBZ#873664", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873664", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5885", url: "https://www.cve.org/CVERecord?id=CVE-2012-5885", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5885", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5885", }, ], release_date: "2012-11-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-07-01T15:10:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss BRMS installation (including its databases,\napplications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss BRMS server by\nstopping the JBoss Application Server process before installing this\nupdate, and then after installing the update, restart the Red Hat JBoss\nBRMS server by starting the JBoss Application Server process.", product_ids: [ "JBoss Enterprise BRMS Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1006", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "JBoss Enterprise BRMS Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat: three DIGEST authentication implementation issues", }, { cve: "CVE-2012-5886", discovery_date: "2012-11-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873664", }, ], notes: [ { category: "description", text: "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: three DIGEST authentication implementation issues", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JBoss Enterprise BRMS Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5886", }, { category: "external", summary: "RHBZ#873664", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873664", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5886", url: "https://www.cve.org/CVERecord?id=CVE-2012-5886", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5886", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5886", }, ], release_date: "2012-11-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-07-01T15:10:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss BRMS installation (including its databases,\napplications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss BRMS server by\nstopping the JBoss Application Server process before installing this\nupdate, and then after installing the update, restart the Red Hat JBoss\nBRMS server by starting the JBoss Application Server process.", product_ids: [ "JBoss Enterprise BRMS Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1006", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "JBoss Enterprise BRMS Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat: three DIGEST authentication implementation issues", }, { cve: "CVE-2012-5887", discovery_date: "2012-11-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873664", }, ], notes: [ { category: "description", text: "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: three DIGEST authentication implementation issues", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JBoss Enterprise BRMS Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5887", }, { category: "external", summary: "RHBZ#873664", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873664", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5887", url: "https://www.cve.org/CVERecord?id=CVE-2012-5887", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5887", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5887", }, ], release_date: "2012-11-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-07-01T15:10:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss BRMS installation (including its databases,\napplications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss BRMS server by\nstopping the JBoss Application Server process before installing this\nupdate, and then after installing the update, restart the Red Hat JBoss\nBRMS server by starting the JBoss Application Server process.", product_ids: [ "JBoss Enterprise BRMS Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1006", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "JBoss Enterprise BRMS Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat: three DIGEST authentication implementation issues", }, ], }
rhsa-2013:0679
Vulnerability from csaf_redhat
Published
2013-03-25 17:03
Modified
2024-11-14 12:14
Summary
Red Hat Security Advisory: jakarta-commons-httpclient security update
Notes
Topic
An update for JBoss Enterprise Application Platform 5.2.0 which fixes one
security issue is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Details
The Jakarta Commons HttpClient component can be used to build HTTP-aware
client applications (such as web browsers and web service clients).
The Jakarta Commons HttpClient component did not verify that the server
hostname matched the domain name in the subject's Common Name (CN) or
subjectAltName field in X.509 certificates. This could allow a
man-in-the-middle attacker to spoof an SSL server if they had a certificate
that was valid for any domain name. (CVE-2012-5783)
Warning: Before applying this update, back up your existing JBoss
Enterprise Application Platform installation (including all applications
and configuration files).
All users of JBoss Enterprise Application Platform 5.2.0 as provided from
the Red Hat Customer Portal are advised to apply this update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for JBoss Enterprise Application Platform 5.2.0 which fixes one\nsecurity issue is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.", title: "Topic", }, { category: "general", text: "The Jakarta Commons HttpClient component can be used to build HTTP-aware\nclient applications (such as web browsers and web service clients).\n\nThe Jakarta Commons HttpClient component did not verify that the server\nhostname matched the domain name in the subject's Common Name (CN) or\nsubjectAltName field in X.509 certificates. This could allow a\nman-in-the-middle attacker to spoof an SSL server if they had a certificate\nthat was valid for any domain name. (CVE-2012-5783)\n\nWarning: Before applying this update, back up your existing JBoss\nEnterprise Application Platform installation (including all applications\nand configuration files).\n\nAll users of JBoss Enterprise Application Platform 5.2.0 as provided from\nthe Red Hat Customer Portal are advised to apply this update.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2013:0679", url: "https://access.redhat.com/errata/RHSA-2013:0679", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=5.2.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=5.2.0", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0679.json", }, ], title: "Red Hat Security Advisory: jakarta-commons-httpclient security update", tracking: { current_release_date: "2024-11-14T12:14:58+00:00", generator: { date: "2024-11-14T12:14:58+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.0", }, }, id: "RHSA-2013:0679", initial_release_date: "2013-03-25T17:03:00+00:00", revision_history: [ { date: "2013-03-25T17:03:00+00:00", number: "1", summary: "Initial version", }, { date: "2019-02-20T12:46:08+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-14T12:14:58+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 5.2", product: { name: "Red Hat JBoss Enterprise Application Platform 5.2", product_id: "Red Hat JBoss Enterprise Application Platform 5.2", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:5.2.0", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 5.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-03-25T17:03:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Application Platform installation (including all\napplications and configuration files).\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Enterprise Application Platform 5.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:0679", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Enterprise Application Platform 5.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, ], }
RHSA-2013:1147
Vulnerability from csaf_redhat
Published
2013-08-08 17:04
Modified
2024-11-22 06:54
Summary
Red Hat Security Advisory: Red Hat JBoss SOA Platform 5.3.1 update
Notes
Topic
Red Hat JBoss SOA Platform 5.3.1 roll up patch 3, which fixes three
security issues and various bugs, is now available from the Red Hat
Customer Portal.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat JBoss SOA Platform is the next-generation ESB and business process
automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage
existing (MoM and EAI), modern (SOA and BPM-Rules), and future (EDA and
CEP) integration methodologies to dramatically improve business process
execution speed and quality.
This roll up patch serves as a cumulative upgrade for Red Hat JBoss SOA
Platform 5.3.1. It includes various bug fixes. The following security
issues are also fixed with this release:
The Jakarta Commons HttpClient component did not verify that the server
hostname matched the domain name in the subject's Common Name (CN) or
subjectAltName field in X.509 certificates. This could allow a
man-in-the-middle attacker to spoof an SSL server if they had a certificate
that was valid for any domain name. (CVE-2012-5783)
A flaw in JRuby's JSON gem allowed remote attacks by creating different
types of malicious objects. For example, it could initiate a denial of
service attack through resource consumption by using a JSON document to
create arbitrary Ruby symbols, which were never garbage collected. It could
also be exploited to create internal objects which could allow a SQL
injection attack. (CVE-2013-0269)
It was discovered that JRuby's REXML library did not properly restrict XML
entity expansion. An attacker could use this flaw to cause a denial of
service by tricking a Ruby application using REXML to read text nodes from
specially-crafted XML content, which will result in REXML consuming large
amounts of system memory. (CVE-2013-1821)
Note: Red Hat JBoss SOA Platform only provides JRuby as a dependency of
the scripting_chain quickstart example application. The CVE-2013-0269 and
CVE-2013-1821 flaws are not exposed unless the version of JRuby shipped
with that quickstart is used by a deployed, custom application.
Red Hat would like to thank Ruby on Rails upstream for reporting
CVE-2013-0269. Upstream acknowledges Thomas Hollstegge of Zweitag and Ben
Murphy as the original reporters of CVE-2013-0269.
Warning: Before applying the update, back up your existing Red Hat JBoss
SOA Platform installation (including its databases, applications,
configuration files, and so on).
All users of Red Hat JBoss SOA Platform 5.3.1 as provided from the Red
Hat Customer Portal are advised to apply this roll up patch.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss SOA Platform 5.3.1 roll up patch 3, which fixes three\nsecurity issues and various bugs, is now available from the Red Hat\nCustomer Portal.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss SOA Platform is the next-generation ESB and business process\nautomation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage\nexisting (MoM and EAI), modern (SOA and BPM-Rules), and future (EDA and\nCEP) integration methodologies to dramatically improve business process\nexecution speed and quality.\n\nThis roll up patch serves as a cumulative upgrade for Red Hat JBoss SOA\nPlatform 5.3.1. It includes various bug fixes. The following security\nissues are also fixed with this release:\n\nThe Jakarta Commons HttpClient component did not verify that the server\nhostname matched the domain name in the subject's Common Name (CN) or\nsubjectAltName field in X.509 certificates. This could allow a\nman-in-the-middle attacker to spoof an SSL server if they had a certificate\nthat was valid for any domain name. (CVE-2012-5783)\n\nA flaw in JRuby's JSON gem allowed remote attacks by creating different\ntypes of malicious objects. For example, it could initiate a denial of\nservice attack through resource consumption by using a JSON document to\ncreate arbitrary Ruby symbols, which were never garbage collected. It could\nalso be exploited to create internal objects which could allow a SQL\ninjection attack. (CVE-2013-0269)\n\nIt was discovered that JRuby's REXML library did not properly restrict XML\nentity expansion. An attacker could use this flaw to cause a denial of\nservice by tricking a Ruby application using REXML to read text nodes from\nspecially-crafted XML content, which will result in REXML consuming large\namounts of system memory. (CVE-2013-1821)\n\nNote: Red Hat JBoss SOA Platform only provides JRuby as a dependency of\nthe scripting_chain quickstart example application. The CVE-2013-0269 and\nCVE-2013-1821 flaws are not exposed unless the version of JRuby shipped\nwith that quickstart is used by a deployed, custom application.\n\nRed Hat would like to thank Ruby on Rails upstream for reporting\nCVE-2013-0269. Upstream acknowledges Thomas Hollstegge of Zweitag and Ben\nMurphy as the original reporters of CVE-2013-0269.\n\nWarning: Before applying the update, back up your existing Red Hat JBoss\nSOA Platform installation (including its databases, applications,\nconfiguration files, and so on).\n\nAll users of Red Hat JBoss SOA Platform 5.3.1 as provided from the Red\nHat Customer Portal are advised to apply this roll up patch.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2013:1147", url: "https://access.redhat.com/errata/RHSA-2013:1147", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform&downloadType=securityPatches&version=5.3.1+GA", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform&downloadType=securityPatches&version=5.3.1+GA", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "909029", url: "https://bugzilla.redhat.com/show_bug.cgi?id=909029", }, { category: "external", summary: "914716", url: "https://bugzilla.redhat.com/show_bug.cgi?id=914716", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_1147.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss SOA Platform 5.3.1 update", tracking: { current_release_date: "2024-11-22T06:54:54+00:00", generator: { date: "2024-11-22T06:54:54+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2013:1147", initial_release_date: "2013-08-08T17:04:00+00:00", revision_history: [ { date: "2013-08-08T17:04:00+00:00", number: "1", summary: "Initial version", }, { date: "2013-08-08T17:07:08+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T06:54:54+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss SOA Platform 5.3", product: { name: "Red Hat JBoss SOA Platform 5.3", product_id: "Red Hat JBoss SOA Platform 5.3", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_soa_platform:5.3", }, }, }, ], category: "product_family", name: "Red Hat JBoss Middleware", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-08-08T17:04:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss SOA Platform\nserver by stopping the JBoss Application Server process before installing\nthis update, and then after installing the update, restart the Red Hat\nJBoss SOA Platform server by starting the JBoss Application Server\nprocess.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1147", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, { acknowledgments: [ { names: [ "Ruby on Rails upstream", ], }, { names: [ "Thomas Hollstegge", ], organization: "Zweitag", summary: "Acknowledged by upstream.", }, { names: [ "Ben Murphy", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2013-0269", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2013-02-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "909029", }, ], notes: [ { category: "description", text: "The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka \"Unsafe Object Creation Vulnerability.\"", title: "Vulnerability description", }, { category: "summary", text: "rubygem-json: Denial of Service and SQL Injection", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite tools ship RubyGem Json 1.4.6 which is earlier than affected 1.5.5 version however, this version of RubyGem is not affected to the flaw. We may update RubyGem in a future release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-0269", }, { category: "external", summary: "RHBZ#909029", url: "https://bugzilla.redhat.com/show_bug.cgi?id=909029", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-0269", url: "https://www.cve.org/CVERecord?id=CVE-2013-0269", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-0269", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-0269", }, { category: "external", summary: "http://www.ruby-lang.org/en/news/2013/02/22/json-dos-cve-2013-0269/", url: "http://www.ruby-lang.org/en/news/2013/02/22/json-dos-cve-2013-0269/", }, ], release_date: "2013-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-08-08T17:04:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss SOA Platform\nserver by stopping the JBoss Application Server process before installing\nthis update, and then after installing the update, restart the Red Hat\nJBoss SOA Platform server by starting the JBoss Application Server\nprocess.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1147", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "rubygem-json: Denial of Service and SQL Injection", }, { cve: "CVE-2013-1821", discovery_date: "2013-02-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "914716", }, ], notes: [ { category: "description", text: "lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.", title: "Vulnerability description", }, { category: "summary", text: "ruby: entity expansion DoS vulnerability in REXML", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-1821", }, { category: "external", summary: "RHBZ#914716", url: "https://bugzilla.redhat.com/show_bug.cgi?id=914716", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-1821", url: "https://www.cve.org/CVERecord?id=CVE-2013-1821", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-1821", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-1821", }, { category: "external", summary: "http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/", url: "http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/", }, ], release_date: "2013-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-08-08T17:04:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss SOA Platform\nserver by stopping the JBoss Application Server process before installing\nthis update, and then after installing the update, restart the Red Hat\nJBoss SOA Platform server by starting the JBoss Application Server\nprocess.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1147", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ruby: entity expansion DoS vulnerability in REXML", }, ], }
rhsa-2013_1853
Vulnerability from csaf_redhat
Published
2013-12-17 18:30
Modified
2024-11-22 07:09
Summary
Red Hat Security Advisory: Red Hat JBoss Operations Network 3.2.0 update
Notes
Topic
Red Hat JBoss Operations Network 3.2.0, which fixes multiple security
issues and several bugs, is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Details
Red Hat JBoss Operations Network is a middleware management solution that
provides a single point of control to deploy, manage, and monitor JBoss
Enterprise Middleware, applications, and services.
This JBoss Operations Network 3.2.0 release serves as a replacement for
JBoss Operations Network 3.1.2, and includes several bug fixes. Refer to
the JBoss Operations Network 3.2.0 Release Notes for information on the
most significant of these changes. The Release Notes will be available
shortly from https://access.redhat.com/site/documentation/
The following security issues are also fixed with this release:
It was found that sending a request without a session identifier to a
protected resource could bypass the Cross-Site Request Forgery (CSRF)
prevention filter. A remote attacker could use this flaw to perform CSRF
attacks against applications that rely on the CSRF prevention filter and do
not contain internal mitigation for CSRF. (CVE-2012-4431)
The Jakarta Commons HttpClient component did not verify that the server
hostname matched the domain name in the subject's Common Name (CN) or
subjectAltName field in X.509 certificates. This could allow a
man-in-the-middle attacker to spoof an SSL server if they had a certificate
that was valid for any domain name. (CVE-2012-5783)
A flaw was found in the way Apache Santuario XML Security for Java
validated XML signatures. Santuario allowed a signature to specify an
arbitrary canonicalization algorithm, which would be applied to the
SignedInfo XML fragment. A remote attacker could exploit this to spoof an
XML signature via a specially crafted XML signature block. (CVE-2013-2172)
Warning: Before applying the update, back up your existing JBoss Operations
Network installation (including its databases, applications, configuration
files, the JBoss Operations Network server's file system directory, and so
on).
All users of JBoss Operations Network 3.1.2 as provided from the Red Hat
Customer Portal are advised to upgrade to JBoss Operations Network 3.2.0.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Operations Network 3.2.0, which fixes multiple security\nissues and several bugs, is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Operations Network is a middleware management solution that\nprovides a single point of control to deploy, manage, and monitor JBoss\nEnterprise Middleware, applications, and services.\n\nThis JBoss Operations Network 3.2.0 release serves as a replacement for\nJBoss Operations Network 3.1.2, and includes several bug fixes. Refer to\nthe JBoss Operations Network 3.2.0 Release Notes for information on the\nmost significant of these changes. The Release Notes will be available\nshortly from https://access.redhat.com/site/documentation/\n\nThe following security issues are also fixed with this release:\n\nIt was found that sending a request without a session identifier to a\nprotected resource could bypass the Cross-Site Request Forgery (CSRF)\nprevention filter. A remote attacker could use this flaw to perform CSRF\nattacks against applications that rely on the CSRF prevention filter and do\nnot contain internal mitigation for CSRF. (CVE-2012-4431)\n\nThe Jakarta Commons HttpClient component did not verify that the server\nhostname matched the domain name in the subject's Common Name (CN) or\nsubjectAltName field in X.509 certificates. This could allow a\nman-in-the-middle attacker to spoof an SSL server if they had a certificate\nthat was valid for any domain name. (CVE-2012-5783)\n\nA flaw was found in the way Apache Santuario XML Security for Java\nvalidated XML signatures. Santuario allowed a signature to specify an\narbitrary canonicalization algorithm, which would be applied to the\nSignedInfo XML fragment. A remote attacker could exploit this to spoof an\nXML signature via a specially crafted XML signature block. (CVE-2013-2172)\n\nWarning: Before applying the update, back up your existing JBoss Operations\nNetwork installation (including its databases, applications, configuration\nfiles, the JBoss Operations Network server's file system directory, and so\non).\n\nAll users of JBoss Operations Network 3.1.2 as provided from the Red Hat\nCustomer Portal are advised to upgrade to JBoss Operations Network 3.2.0.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2013:1853", url: "https://access.redhat.com/errata/RHSA-2013:1853", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=em&version=3.2.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=em&version=3.2.0", }, { category: "external", summary: "https://access.redhat.com/site/documentation/Red_Hat_JBoss_Operations_Network/", url: "https://access.redhat.com/site/documentation/Red_Hat_JBoss_Operations_Network/", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "883636", url: "https://bugzilla.redhat.com/show_bug.cgi?id=883636", }, { category: "external", summary: "999263", url: "https://bugzilla.redhat.com/show_bug.cgi?id=999263", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_1853.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Operations Network 3.2.0 update", tracking: { current_release_date: "2024-11-22T07:09:01+00:00", generator: { date: "2024-11-22T07:09:01+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2013:1853", initial_release_date: "2013-12-17T18:30:00+00:00", revision_history: [ { date: "2013-12-17T18:30:00+00:00", number: "1", summary: "Initial version", }, { date: "2019-02-20T12:45:41+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T07:09:01+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Operations Network 3.2", product: { name: "Red Hat JBoss Operations Network 3.2", product_id: "Red Hat JBoss Operations Network 3.2", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_operations_network:3.2.0", }, }, }, ], category: "product_family", name: "Red Hat JBoss Operations Network", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2012-4431", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2012-12-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "883636", }, ], notes: [ { category: "description", text: "org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.", title: "Vulnerability description", }, { category: "summary", text: "Tomcat/JBoss Web - Bypass of CSRF prevention filter", title: "Vulnerability summary", }, { category: "other", text: "This issue did not affect the versions of tomcat5 as shipped with Red Hat Enterprise Linux 5 and tomcat6 as shipped with Red Hat Enterprise Linux 6 as they did not include the CSRF prevention filter.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Operations Network 3.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-4431", }, { category: "external", summary: "RHBZ#883636", url: "https://bugzilla.redhat.com/show_bug.cgi?id=883636", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-4431", url: "https://www.cve.org/CVERecord?id=CVE-2012-4431", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-4431", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-4431", }, { category: "external", summary: "http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.36", url: "http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.36", }, { category: "external", summary: "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.32", url: "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.32", }, ], release_date: "2012-12-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-12-17T18:30:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Operations Network installation (including its databases,\napplications, configuration files, the JBoss Operations Network server's\nfile system directory, and so on).\n\nRefer to the JBoss Operations Network 3.2.0 Release Notes for\ninstallation information.", product_ids: [ "Red Hat JBoss Operations Network 3.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1853", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "Red Hat JBoss Operations Network 3.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Tomcat/JBoss Web - Bypass of CSRF prevention filter", }, { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Operations Network 3.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-12-17T18:30:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Operations Network installation (including its databases,\napplications, configuration files, the JBoss Operations Network server's\nfile system directory, and so on).\n\nRefer to the JBoss Operations Network 3.2.0 Release Notes for\ninstallation information.", product_ids: [ "Red Hat JBoss Operations Network 3.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1853", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Operations Network 3.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, { cve: "CVE-2013-2172", cwe: { id: "CWE-290", name: "Authentication Bypass by Spoofing", }, discovery_date: "2013-08-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "999263", }, ], notes: [ { category: "description", text: "A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially crafted XML signature block.", title: "Vulnerability description", }, { category: "summary", text: "Java: XML signature spoofing", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Operations Network 3.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-2172", }, { category: "external", summary: "RHBZ#999263", url: "https://bugzilla.redhat.com/show_bug.cgi?id=999263", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-2172", url: "https://www.cve.org/CVERecord?id=CVE-2013-2172", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-2172", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-2172", }, { category: "external", summary: "http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc", url: "http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc", }, ], release_date: "2013-06-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-12-17T18:30:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Operations Network installation (including its databases,\napplications, configuration files, the JBoss Operations Network server's\nfile system directory, and so on).\n\nRefer to the JBoss Operations Network 3.2.0 Release Notes for\ninstallation information.", product_ids: [ "Red Hat JBoss Operations Network 3.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1853", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, products: [ "Red Hat JBoss Operations Network 3.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Java: XML signature spoofing", }, ], }
RHSA-2013:0681
Vulnerability from csaf_redhat
Published
2013-03-25 17:04
Modified
2024-11-14 12:15
Summary
Red Hat Security Advisory: jakarta-commons-httpclient security update
Notes
Topic
An update for JBoss Enterprise Web Platform 5.2.0 which fixes one security
issue is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Details
The Jakarta Commons HttpClient component can be used to build HTTP-aware
client applications (such as web browsers and web service clients).
The Jakarta Commons HttpClient component did not verify that the server
hostname matched the domain name in the subject's Common Name (CN) or
subjectAltName field in X.509 certificates. This could allow a
man-in-the-middle attacker to spoof an SSL server if they had a certificate
that was valid for any domain name. (CVE-2012-5783)
Warning: Before applying this update, back up your existing JBoss
Enterprise Web Platform installation (including all applications and
configuration files).
All users of JBoss Enterprise Web Platform 5.2.0 as provided from the Red
Hat Customer Portal are advised to apply this update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for JBoss Enterprise Web Platform 5.2.0 which fixes one security\nissue is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.", title: "Topic", }, { category: "general", text: "The Jakarta Commons HttpClient component can be used to build HTTP-aware\nclient applications (such as web browsers and web service clients).\n\nThe Jakarta Commons HttpClient component did not verify that the server\nhostname matched the domain name in the subject's Common Name (CN) or\nsubjectAltName field in X.509 certificates. This could allow a\nman-in-the-middle attacker to spoof an SSL server if they had a certificate\nthat was valid for any domain name. (CVE-2012-5783)\n\nWarning: Before applying this update, back up your existing JBoss\nEnterprise Web Platform installation (including all applications and\nconfiguration files).\n\nAll users of JBoss Enterprise Web Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to apply this update.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2013:0681", url: "https://access.redhat.com/errata/RHSA-2013:0681", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=enterpriseweb.platform&downloadType=securityPatches&version=5.2.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=enterpriseweb.platform&downloadType=securityPatches&version=5.2.0", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0681.json", }, ], title: "Red Hat Security Advisory: jakarta-commons-httpclient security update", tracking: { current_release_date: "2024-11-14T12:15:05+00:00", generator: { date: "2024-11-14T12:15:05+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.0", }, }, id: "RHSA-2013:0681", initial_release_date: "2013-03-25T17:04:00+00:00", revision_history: [ { date: "2013-03-25T17:04:00+00:00", number: "1", summary: "Initial version", }, { date: "2013-03-25T17:14:47+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-14T12:15:05+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Platform 5.2", product: { name: "Red Hat JBoss Web Platform 5.2", product_id: "Red Hat JBoss Web Platform 5.2", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_platform:5.2.0", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Platform", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Platform 5.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-03-25T17:04:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Web Platform installation (including all\napplications and configuration files).\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Web Platform 5.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:0681", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Web Platform 5.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, ], }
rhsa-2013:0681
Vulnerability from csaf_redhat
Published
2013-03-25 17:04
Modified
2024-11-14 12:15
Summary
Red Hat Security Advisory: jakarta-commons-httpclient security update
Notes
Topic
An update for JBoss Enterprise Web Platform 5.2.0 which fixes one security
issue is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Details
The Jakarta Commons HttpClient component can be used to build HTTP-aware
client applications (such as web browsers and web service clients).
The Jakarta Commons HttpClient component did not verify that the server
hostname matched the domain name in the subject's Common Name (CN) or
subjectAltName field in X.509 certificates. This could allow a
man-in-the-middle attacker to spoof an SSL server if they had a certificate
that was valid for any domain name. (CVE-2012-5783)
Warning: Before applying this update, back up your existing JBoss
Enterprise Web Platform installation (including all applications and
configuration files).
All users of JBoss Enterprise Web Platform 5.2.0 as provided from the Red
Hat Customer Portal are advised to apply this update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for JBoss Enterprise Web Platform 5.2.0 which fixes one security\nissue is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.", title: "Topic", }, { category: "general", text: "The Jakarta Commons HttpClient component can be used to build HTTP-aware\nclient applications (such as web browsers and web service clients).\n\nThe Jakarta Commons HttpClient component did not verify that the server\nhostname matched the domain name in the subject's Common Name (CN) or\nsubjectAltName field in X.509 certificates. This could allow a\nman-in-the-middle attacker to spoof an SSL server if they had a certificate\nthat was valid for any domain name. (CVE-2012-5783)\n\nWarning: Before applying this update, back up your existing JBoss\nEnterprise Web Platform installation (including all applications and\nconfiguration files).\n\nAll users of JBoss Enterprise Web Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to apply this update.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2013:0681", url: "https://access.redhat.com/errata/RHSA-2013:0681", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=enterpriseweb.platform&downloadType=securityPatches&version=5.2.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=enterpriseweb.platform&downloadType=securityPatches&version=5.2.0", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0681.json", }, ], title: "Red Hat Security Advisory: jakarta-commons-httpclient security update", tracking: { current_release_date: "2024-11-14T12:15:05+00:00", generator: { date: "2024-11-14T12:15:05+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.0", }, }, id: "RHSA-2013:0681", initial_release_date: "2013-03-25T17:04:00+00:00", revision_history: [ { date: "2013-03-25T17:04:00+00:00", number: "1", summary: "Initial version", }, { date: "2013-03-25T17:14:47+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-14T12:15:05+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Platform 5.2", product: { name: "Red Hat JBoss Web Platform 5.2", product_id: "Red Hat JBoss Web Platform 5.2", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_platform:5.2.0", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Platform", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Platform 5.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-03-25T17:04:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Web Platform installation (including all\napplications and configuration files).\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Web Platform 5.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:0681", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Web Platform 5.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, ], }
RHSA-2013:0679
Vulnerability from csaf_redhat
Published
2013-03-25 17:03
Modified
2024-11-14 12:14
Summary
Red Hat Security Advisory: jakarta-commons-httpclient security update
Notes
Topic
An update for JBoss Enterprise Application Platform 5.2.0 which fixes one
security issue is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Details
The Jakarta Commons HttpClient component can be used to build HTTP-aware
client applications (such as web browsers and web service clients).
The Jakarta Commons HttpClient component did not verify that the server
hostname matched the domain name in the subject's Common Name (CN) or
subjectAltName field in X.509 certificates. This could allow a
man-in-the-middle attacker to spoof an SSL server if they had a certificate
that was valid for any domain name. (CVE-2012-5783)
Warning: Before applying this update, back up your existing JBoss
Enterprise Application Platform installation (including all applications
and configuration files).
All users of JBoss Enterprise Application Platform 5.2.0 as provided from
the Red Hat Customer Portal are advised to apply this update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for JBoss Enterprise Application Platform 5.2.0 which fixes one\nsecurity issue is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.", title: "Topic", }, { category: "general", text: "The Jakarta Commons HttpClient component can be used to build HTTP-aware\nclient applications (such as web browsers and web service clients).\n\nThe Jakarta Commons HttpClient component did not verify that the server\nhostname matched the domain name in the subject's Common Name (CN) or\nsubjectAltName field in X.509 certificates. This could allow a\nman-in-the-middle attacker to spoof an SSL server if they had a certificate\nthat was valid for any domain name. (CVE-2012-5783)\n\nWarning: Before applying this update, back up your existing JBoss\nEnterprise Application Platform installation (including all applications\nand configuration files).\n\nAll users of JBoss Enterprise Application Platform 5.2.0 as provided from\nthe Red Hat Customer Portal are advised to apply this update.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2013:0679", url: "https://access.redhat.com/errata/RHSA-2013:0679", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=5.2.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=5.2.0", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0679.json", }, ], title: "Red Hat Security Advisory: jakarta-commons-httpclient security update", tracking: { current_release_date: "2024-11-14T12:14:58+00:00", generator: { date: "2024-11-14T12:14:58+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.0", }, }, id: "RHSA-2013:0679", initial_release_date: "2013-03-25T17:03:00+00:00", revision_history: [ { date: "2013-03-25T17:03:00+00:00", number: "1", summary: "Initial version", }, { date: "2019-02-20T12:46:08+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-14T12:14:58+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 5.2", product: { name: "Red Hat JBoss Enterprise Application Platform 5.2", product_id: "Red Hat JBoss Enterprise Application Platform 5.2", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:5.2.0", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 5.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-03-25T17:03:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Application Platform installation (including all\napplications and configuration files).\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Enterprise Application Platform 5.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:0679", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Enterprise Application Platform 5.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, ], }
RHSA-2013:0680
Vulnerability from csaf_redhat
Published
2013-03-25 17:04
Modified
2024-11-14 12:15
Summary
Red Hat Security Advisory: jakarta-commons-httpclient security update
Notes
Topic
An updated jakarta-commons-httpclient package for JBoss Enterprise
Application Platform 5.2.0 which fixes one security issue is now available
for Red Hat Enterprise Linux 4, 5, and 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Details
The Jakarta Commons HttpClient component can be used to build HTTP-aware
client applications (such as web browsers and web service clients).
The Jakarta Commons HttpClient component did not verify that the server
hostname matched the domain name in the subject's Common Name (CN) or
subjectAltName field in X.509 certificates. This could allow a
man-in-the-middle attacker to spoof an SSL server if they had a certificate
that was valid for any domain name. (CVE-2012-5783)
Warning: Before applying this update, back up your existing JBoss
Enterprise Application Platform installation (including all applications
and configuration files).
All users of JBoss Enterprise Application Platform 5.2.0 on Red Hat
Enterprise Linux 4, 5, and 6 are advised to upgrade to this updated
package. The JBoss server process must be restarted for the update to take
effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An updated jakarta-commons-httpclient package for JBoss Enterprise\nApplication Platform 5.2.0 which fixes one security issue is now available\nfor Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.", title: "Topic", }, { category: "general", text: "The Jakarta Commons HttpClient component can be used to build HTTP-aware\nclient applications (such as web browsers and web service clients).\n\nThe Jakarta Commons HttpClient component did not verify that the server\nhostname matched the domain name in the subject's Common Name (CN) or\nsubjectAltName field in X.509 certificates. This could allow a\nman-in-the-middle attacker to spoof an SSL server if they had a certificate\nthat was valid for any domain name. (CVE-2012-5783)\n\nWarning: Before applying this update, back up your existing JBoss\nEnterprise Application Platform installation (including all applications\nand configuration files).\n\nAll users of JBoss Enterprise Application Platform 5.2.0 on Red Hat\nEnterprise Linux 4, 5, and 6 are advised to upgrade to this updated\npackage. The JBoss server process must be restarted for the update to take\neffect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2013:0680", url: "https://access.redhat.com/errata/RHSA-2013:0680", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0680.json", }, ], title: "Red Hat Security Advisory: jakarta-commons-httpclient security update", tracking: { current_release_date: "2024-11-14T12:15:02+00:00", generator: { date: "2024-11-14T12:15:02+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.0", }, }, id: "RHSA-2013:0680", initial_release_date: "2013-03-25T17:04:00+00:00", revision_history: [ { date: "2013-03-25T17:04:00+00:00", number: "1", summary: "Initial version", }, { date: "2013-03-25T17:14:51+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-14T12:15:02+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product: { name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product_id: "4AS-JBEAP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:5::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product: { name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product_id: "4ES-JBEAP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:5::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product: { name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product_id: "5Server-JBEAP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:5::el5", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product: { name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product_id: "6Server-JBEAP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:5::el6", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", product: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", product_id: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2.1_patch_01.ep5.el4?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", product: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", product_id: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2.1_patch_01.ep5.el5?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", product: { name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", product_id: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2_patch_01.ep5.el6?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", product: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", product_id: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2.1_patch_01.ep5.el4?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", product: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", product_id: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2.1_patch_01.ep5.el5?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", product: { name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", product_id: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2_patch_01.ep5.el6?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product_id: "4AS-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", relates_to_product_reference: "4AS-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product_id: "4AS-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", relates_to_product_reference: "4AS-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product_id: "4ES-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", relates_to_product_reference: "4ES-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product_id: "4ES-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", relates_to_product_reference: "4ES-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product_id: "5Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", relates_to_product_reference: "5Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product_id: "5Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", relates_to_product_reference: "5Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product_id: "6Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", }, product_reference: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", relates_to_product_reference: "6Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product_id: "6Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", relates_to_product_reference: "6Server-JBEAP-5", }, ], }, vulnerabilities: [ { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", "4AS-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", "4ES-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", "4ES-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", "5Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", "5Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", "6Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", "6Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-03-25T17:04:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", product_ids: [ "4AS-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", "4AS-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", "4ES-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", "4ES-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", "5Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", "5Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", "6Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", "6Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:0680", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "4AS-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", "4AS-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", "4ES-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", "4ES-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", "5Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", "5Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", "6Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", "6Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, ], }
rhsa-2017:0868
Vulnerability from csaf_redhat
Published
2017-04-03 21:02
Modified
2024-11-22 10:51
Summary
Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R2 security and bug fix update
Notes
Topic
An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications.
This patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. It includes bug fixes and enhancements, which are documented in the readme.txt file included with the patch files.
Security Fix(es):
* It was reported that Elasticsearch had vulnerabilities in the Groovy scripting engine, which allow an attacker to construct scripts that escape the sandbox and execute shell commands as the user running the Elasticsearch Java VM. (CVE-2015-1427)
* It was found that a flaw in Apache groovy library allows remote code execution wherever deserialization occurs in the application. It is possible for an attacker to craft a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects are subject to this vulnerability. (CVE-2016-6814)
* It was found that Apache Commons HttpClient does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. (CVE-2012-5783)
* It was found that swagger-ui contains a cross site scripting (XSS) vulnerability in the key names in the JSON document. An attacker could use this flaw to supply a key name with script tags which could cause arbitrary code execution. Additionally it is possible to load the arbitrary JSON files remotely via the URL query-string parameter. (CVE-2016-1000229)
* A vulnerability was found in FormattedServiceListWriter in Apache CXF HTTP transport module that could allow an attacker to inject unexpected matrix parameters into the request URL. On a successful injection these matrix parameters will find their way back to the client in the services list page which represents an XSS risk to the client. (CVE-2016-6812)
* Apache CXF JAX-RS implementation provides a number of Atom MessageBodyReaders. These readers use Apache Abdera Parser to parse Atom feeds or Entries, with this Parser expanding XML entities by default. It was found that this represents a major XXE risk. (CVE-2016-8739)
* A path traversal issue was found in Spark version 2.5 and potentially earlier versions. The vulnerability resides in the functionality to serve static files where there's no protection against directory traversal attacks. This could allow attackers access to private files including sensitive data. (CVE-2016-9177)
* It was found that the camel-snakeyaml component is exploitable for code execution. An attacker could use this vulnerability to send specially crafted payload to a camel-snakeyaml endpoint and causing a remote code execution attack. (CVE-2017-3159)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications.\n\nThis patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. It includes bug fixes and enhancements, which are documented in the readme.txt file included with the patch files.\n\nSecurity Fix(es):\n\n* It was reported that Elasticsearch had vulnerabilities in the Groovy scripting engine, which allow an attacker to construct scripts that escape the sandbox and execute shell commands as the user running the Elasticsearch Java VM. (CVE-2015-1427)\n\n* It was found that a flaw in Apache groovy library allows remote code execution wherever deserialization occurs in the application. It is possible for an attacker to craft a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects are subject to this vulnerability. (CVE-2016-6814)\n\n* It was found that Apache Commons HttpClient does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. (CVE-2012-5783)\n\n* It was found that swagger-ui contains a cross site scripting (XSS) vulnerability in the key names in the JSON document. An attacker could use this flaw to supply a key name with script tags which could cause arbitrary code execution. Additionally it is possible to load the arbitrary JSON files remotely via the URL query-string parameter. (CVE-2016-1000229)\n\n* A vulnerability was found in FormattedServiceListWriter in Apache CXF HTTP transport module that could allow an attacker to inject unexpected matrix parameters into the request URL. On a successful injection these matrix parameters will find their way back to the client in the services list page which represents an XSS risk to the client. (CVE-2016-6812)\n\n* Apache CXF JAX-RS implementation provides a number of Atom MessageBodyReaders. These readers use Apache Abdera Parser to parse Atom feeds or Entries, with this Parser expanding XML entities by default. It was found that this represents a major XXE risk. (CVE-2016-8739)\n\n* A path traversal issue was found in Spark version 2.5 and potentially earlier versions. The vulnerability resides in the functionality to serve static files where there's no protection against directory traversal attacks. This could allow attackers access to private files including sensitive data. (CVE-2016-9177)\n\n* It was found that the camel-snakeyaml component is exploitable for code execution. An attacker could use this vulnerability to send specially crafted payload to a camel-snakeyaml endpoint and causing a remote code execution attack. (CVE-2017-3159)", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2017:0868", url: "https://access.redhat.com/errata/RHSA-2017:0868", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=jboss.fuse&version=6.3", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=jboss.fuse&version=6.3", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=jboss.amq.broker&version=6.3.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=jboss.amq.broker&version=6.3.0", }, { category: "external", summary: "https://access.redhat.com/documentation/en/red-hat-jboss-fuse/", url: "https://access.redhat.com/documentation/en/red-hat-jboss-fuse/", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "1191969", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1191969", }, { category: "external", summary: "1360275", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1360275", }, { category: "external", summary: "1393607", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1393607", }, { category: "external", summary: "1406810", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1406810", }, { category: "external", summary: "1406811", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1406811", }, { category: "external", summary: "1413466", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1413466", }, { category: "external", summary: "1420834", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1420834", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_0868.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R2 security and bug fix update", tracking: { current_release_date: "2024-11-22T10:51:39+00:00", generator: { date: "2024-11-22T10:51:39+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2017:0868", initial_release_date: "2017-04-03T21:02:28+00:00", revision_history: [ { date: "2017-04-03T21:02:28+00:00", number: "1", summary: "Initial version", }, { date: "2018-07-02T15:51:20+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T10:51:39+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss A-MQ 6.3", product: { name: "Red Hat JBoss A-MQ 6.3", product_id: "Red Hat JBoss A-MQ 6.3", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_amq:6.3", }, }, }, { category: "product_name", name: "Red Hat JBoss Fuse 6.3", product: { name: "Red Hat JBoss Fuse 6.3", product_id: "Red Hat JBoss Fuse 6.3", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_fuse:6.3", }, }, }, ], category: "product_family", name: "Red Hat JBoss Fuse", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-03T21:02:28+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0868", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, { cve: "CVE-2015-1427", discovery_date: "2015-02-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1191969", }, ], notes: [ { category: "description", text: "It was reported that Elasticsearch versions 1.3.0-1.3.7 and 1.4.0-1.4.2 have vulnerabilities in the Groovy scripting engine. The vulnerability allows an attacker to construct Groovy scripts that escape the sandbox and execute shell commands as the user running the Elasticsearch Java VM.", title: "Vulnerability description", }, { category: "summary", text: "elasticsearch: remote code execution via Groovy sandbox bypass", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-1427", }, { category: "external", summary: "RHBZ#1191969", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1191969", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-1427", url: "https://www.cve.org/CVERecord?id=CVE-2015-1427", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-1427", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-1427", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2015-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-03T21:02:28+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0868", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "exploit_status", date: "2022-03-25T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "elasticsearch: remote code execution via Groovy sandbox bypass", }, { cve: "CVE-2015-7559", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2015-07-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1293972", }, ], notes: [ { category: "description", text: "It was found that the Apache ActiveMQ client exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.", title: "Vulnerability description", }, { category: "summary", text: "ActiveMQ: DoS in client via shutdown command", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7559", }, { category: "external", summary: "RHBZ#1293972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1293972", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7559", url: "https://www.cve.org/CVERecord?id=CVE-2015-7559", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7559", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7559", }, ], release_date: "2017-04-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-03T21:02:28+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0868", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 2.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ActiveMQ: DoS in client via shutdown command", }, { cve: "CVE-2016-6812", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2016-12-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1406810", }, ], notes: [ { category: "description", text: "A vulnerability was found in FormattedServiceListWriter in Apache CXF HTTP transport module that could allow an attacker to inject unexpected matrix parameters into the request URL. On a successful injection these matrix parameters will find their way back to the client in the services list page which represents an XSS risk to the client.", title: "Vulnerability description", }, { category: "summary", text: "apache-cxf: XSS in Apache CXF FormattedServiceListWriter", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-6812", }, { category: "external", summary: "RHBZ#1406810", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1406810", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-6812", url: "https://www.cve.org/CVERecord?id=CVE-2016-6812", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-6812", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-6812", }, { category: "external", summary: "http://cxf.apache.org/security-advisories.data/CVE-2016-6812.txt.asc?version=1&modificationDate=1482164360602&api=v2", url: "http://cxf.apache.org/security-advisories.data/CVE-2016-6812.txt.asc?version=1&modificationDate=1482164360602&api=v2", }, ], release_date: "2016-12-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-03T21:02:28+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0868", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-cxf: XSS in Apache CXF FormattedServiceListWriter", }, { cve: "CVE-2016-6814", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2017-01-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1413466", }, ], notes: [ { category: "description", text: "It was found that a flaw in Apache groovy library allows remote code execution wherever deserialization occurs in the application. It is possible for an attacker to craft a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects are subject to this vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "Groovy: Remote code execution via deserialization", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of groovy as shipped with Red Hat Satellite 6.0 and 6.1. Red Hat Satellite 6.2 and later do not ship groovy, as such they are not affected by this vulnerability.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-6814", }, { category: "external", summary: "RHBZ#1413466", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1413466", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-6814", url: "https://www.cve.org/CVERecord?id=CVE-2016-6814", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-6814", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-6814", }, ], release_date: "2017-01-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-03T21:02:28+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0868", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Groovy: Remote code execution via deserialization", }, { cve: "CVE-2016-8739", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, discovery_date: "2016-12-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1406811", }, ], notes: [ { category: "description", text: "Apache CXF JAX-RS implementation provides a number of Atom MessageBodyReaders. These readers use Apache Abdera Parser to parse Atom feeds or Entries, with this Parser expanding XML entities by default. It was found that this represents a major XXE risk.", title: "Vulnerability description", }, { category: "summary", text: "apache-cxf: Atom entity provider of Apache CXF JAX-RS is vulnerable to XXE", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8739", }, { category: "external", summary: "RHBZ#1406811", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1406811", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8739", url: "https://www.cve.org/CVERecord?id=CVE-2016-8739", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8739", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8739", }, { category: "external", summary: "http://cxf.apache.org/security-advisories.data/CVE-2016-8739.txt.asc?version=1&modificationDate=1482164360575&api=v2", url: "http://cxf.apache.org/security-advisories.data/CVE-2016-8739.txt.asc?version=1&modificationDate=1482164360575&api=v2", }, ], release_date: "2016-12-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-03T21:02:28+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0868", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-cxf: Atom entity provider of Apache CXF JAX-RS is vulnerable to XXE", }, { cve: "CVE-2016-9177", discovery_date: "2016-11-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1393607", }, ], notes: [ { category: "description", text: "A path traversal issue was found in Spark version 2.5 and potentially earlier versions. The vulnerability resides in the functionality to serve static files where there's no protection against directory traversal attacks. This could allow attackers access to private files including sensitive data.", title: "Vulnerability description", }, { category: "summary", text: "Spark: Directory traversal vulnerability in version 2.5", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-9177", }, { category: "external", summary: "RHBZ#1393607", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1393607", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-9177", url: "https://www.cve.org/CVERecord?id=CVE-2016-9177", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-9177", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-9177", }, { category: "external", summary: "http://seclists.org/fulldisclosure/2016/Nov/13", url: "http://seclists.org/fulldisclosure/2016/Nov/13", }, ], release_date: "2016-11-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-03T21:02:28+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0868", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Spark: Directory traversal vulnerability in version 2.5", }, { cve: "CVE-2016-1000229", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2016-07-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1360275", }, ], notes: [ { category: "description", text: "It was found that swagger-ui contains a cross site scripting (XSS) vulnerability in the key names in the JSON document. An attacker could use this flaw to supply a key name with script tags which could cause arbitrary code execution. Additionally it is possible to load the arbitrary JSON files remotely via the URL query-string parameter.", title: "Vulnerability description", }, { category: "summary", text: "swagger-ui: cross-site scripting in key names", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-1000229", }, { category: "external", summary: "RHBZ#1360275", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1360275", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-1000229", url: "https://www.cve.org/CVERecord?id=CVE-2016-1000229", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-1000229", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-1000229", }, { category: "external", summary: "https://nodesecurity.io/advisories/126", url: "https://nodesecurity.io/advisories/126", }, ], release_date: "2016-07-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-03T21:02:28+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0868", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "swagger-ui: cross-site scripting in key names", }, { cve: "CVE-2017-3159", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2017-02-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1420834", }, ], notes: [ { category: "description", text: "It was found that the camel-snakeyaml component is exploitable for code execution. An attacker could use this vulnerability to send specially crafted payload to a camel-snakeyaml endpoint and causing a remote code execution attack.", title: "Vulnerability description", }, { category: "summary", text: "camel-snakeyaml: Unmarshalling operation is vulnerable to RCE", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3159", }, { category: "external", summary: "RHBZ#1420834", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1420834", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3159", url: "https://www.cve.org/CVERecord?id=CVE-2017-3159", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3159", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3159", }, { category: "external", summary: "http://camel.apache.org/security-advisories.data/CVE-2017-3159.txt.asc", url: "http://camel.apache.org/security-advisories.data/CVE-2017-3159.txt.asc", }, ], release_date: "2016-12-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-03T21:02:28+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0868", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "camel-snakeyaml: Unmarshalling operation is vulnerable to RCE", }, ], }
rhsa-2013:0763
Vulnerability from csaf_redhat
Published
2013-04-22 21:17
Modified
2024-11-14 12:15
Summary
Red Hat Security Advisory: JBoss Web Framework Kit 2.2.0 update
Notes
Topic
JBoss Web Framework Kit 2.2.0, which fixes two security issues, various
bugs, and adds enhancements is now available from the Red Hat
Customer Portal.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
The JBoss Web Framework Kit combines popular open source web frameworks
into a single solution for Java applications.
This release of JBoss Web Framework Kit 2.2.0 serves as a replacement for
JBoss Web Framework Kit 2.1.0. It includes various bug fixes and
enhancements which are detailed in the JBoss Web Framework Kit 2.2.0
Release Notes. The Release Notes will be available shortly from
https://access.redhat.com/site/documentation/
This release also fixes the following security issues:
A flaw was found in the way the Apache Xerces2 Java Parser processed the
SYSTEM identifier in DTDs. A remote attacker could provide a
specially-crafted XML file, which once parsed by an application using the
Apache Xerces2 Java Parser, would lead to a denial of service (application
hang due to excessive CPU use). (CVE-2009-2625)
Note: Seam and RichFaces used the xerces:xercesImpl:2.9.1-patch01 artifact,
which is vulnerable to the CVE-2009-2625 flaw. In this release, the
artifact has been replaced with xerces:xercesImpl:2.9.1-redhat-3, which is
not vulnerable.
The Jakarta Commons HttpClient component did not verify that the server
hostname matched the domain name in the subject's Common Name (CN) or
subjectAltName field in X.509 certificates. This could allow a
man-in-the-middle attacker to spoof an SSL server if they had a certificate
that was valid for any domain name. (CVE-2012-5783)
Note: Jakarta Commons HttpClient 3 is vulnerable to CVE-2012-5783. Jakarta
Commons HttpClient 3 has reached its end of life as an Apache-maintained
component, and no upstream build is available that addresses this flaw. The
version of Jakarta Commons HttpClient 3 that ships with JBoss Web Framework
Kit 2.2.0 includes a patch for this flaw, which has been built by Red Hat.
Versions that are consumed from Maven Central do not have this patch
applied.
Jakarta Commons HttpClient 3 is a transitive dependency for multiple
components included in JBoss Web Framework Kit 2.2.0. If this dependency is
resolved using a build of HttpClient 3 from Maven Central, then this flaw
may be exposed.
Warning: Before applying this update, back up your existing installation of
JBoss Enterprise Application Platform or JBoss Enterprise Web Server, and
applications deployed to it.
All users of JBoss Web Framework Kit 2.1.0 as provided from the Red Hat
Customer Portal are advised to upgrade to JBoss Web Framework Kit 2.2.0.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "JBoss Web Framework Kit 2.2.0, which fixes two security issues, various\nbugs, and adds enhancements is now available from the Red Hat\nCustomer Portal.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", title: "Topic", }, { category: "general", text: "The JBoss Web Framework Kit combines popular open source web frameworks\ninto a single solution for Java applications.\n\nThis release of JBoss Web Framework Kit 2.2.0 serves as a replacement for\nJBoss Web Framework Kit 2.1.0. It includes various bug fixes and\nenhancements which are detailed in the JBoss Web Framework Kit 2.2.0\nRelease Notes. The Release Notes will be available shortly from\nhttps://access.redhat.com/site/documentation/\n\nThis release also fixes the following security issues:\n\nA flaw was found in the way the Apache Xerces2 Java Parser processed the\nSYSTEM identifier in DTDs. A remote attacker could provide a\nspecially-crafted XML file, which once parsed by an application using the\nApache Xerces2 Java Parser, would lead to a denial of service (application\nhang due to excessive CPU use). (CVE-2009-2625)\n\nNote: Seam and RichFaces used the xerces:xercesImpl:2.9.1-patch01 artifact,\nwhich is vulnerable to the CVE-2009-2625 flaw. In this release, the\nartifact has been replaced with xerces:xercesImpl:2.9.1-redhat-3, which is\nnot vulnerable.\n\nThe Jakarta Commons HttpClient component did not verify that the server\nhostname matched the domain name in the subject's Common Name (CN) or\nsubjectAltName field in X.509 certificates. This could allow a\nman-in-the-middle attacker to spoof an SSL server if they had a certificate\nthat was valid for any domain name. (CVE-2012-5783)\n\nNote: Jakarta Commons HttpClient 3 is vulnerable to CVE-2012-5783. Jakarta\nCommons HttpClient 3 has reached its end of life as an Apache-maintained\ncomponent, and no upstream build is available that addresses this flaw. The\nversion of Jakarta Commons HttpClient 3 that ships with JBoss Web Framework\nKit 2.2.0 includes a patch for this flaw, which has been built by Red Hat.\nVersions that are consumed from Maven Central do not have this patch\napplied.\n\nJakarta Commons HttpClient 3 is a transitive dependency for multiple\ncomponents included in JBoss Web Framework Kit 2.2.0. If this dependency is\nresolved using a build of HttpClient 3 from Maven Central, then this flaw\nmay be exposed.\n\nWarning: Before applying this update, back up your existing installation of\nJBoss Enterprise Application Platform or JBoss Enterprise Web Server, and\napplications deployed to it.\n\nAll users of JBoss Web Framework Kit 2.1.0 as provided from the Red Hat\nCustomer Portal are advised to upgrade to JBoss Web Framework Kit 2.2.0.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2013:0763", url: "https://access.redhat.com/errata/RHSA-2013:0763", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=web.framework.kit&downloadType=distributions", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=web.framework.kit&downloadType=distributions", }, { category: "external", summary: "https://access.redhat.com/site/documentation/", url: "https://access.redhat.com/site/documentation/", }, { category: "external", summary: "512921", url: "https://bugzilla.redhat.com/show_bug.cgi?id=512921", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0763.json", }, ], title: "Red Hat Security Advisory: JBoss Web Framework Kit 2.2.0 update", tracking: { current_release_date: "2024-11-14T12:15:06+00:00", generator: { date: "2024-11-14T12:15:06+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.0", }, }, id: "RHSA-2013:0763", initial_release_date: "2013-04-22T21:17:00+00:00", revision_history: [ { date: "2013-04-22T21:17:00+00:00", number: "1", summary: "Initial version", }, { date: "2013-04-22T21:25:28+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-14T12:15:06+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Framework Kit 2.2", product: { name: "Red Hat JBoss Web Framework Kit 2.2", product_id: "Red Hat JBoss Web Framework Kit 2.2", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_framework:2.2.0", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Framework Kit", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2009-2625", discovery_date: "2009-07-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "512921", }, ], notes: [ { category: "description", text: "XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.", title: "Vulnerability description", }, { category: "summary", text: "JDK: XML parsing Denial-Of-Service (6845701)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Framework Kit 2.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-2625", }, { category: "external", summary: "RHBZ#512921", url: "https://bugzilla.redhat.com/show_bug.cgi?id=512921", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-2625", url: "https://www.cve.org/CVERecord?id=CVE-2009-2625", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-2625", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-2625", }, ], release_date: "2009-08-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-04-22T21:17:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting installation of JBoss Enterprise Application Platform or JBoss\nEnterprise Web Server, and applications deployed to it.\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Web Framework Kit 2.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:0763", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Web Framework Kit 2.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "JDK: XML parsing Denial-Of-Service (6845701)", }, { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Framework Kit 2.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-04-22T21:17:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting installation of JBoss Enterprise Application Platform or JBoss\nEnterprise Web Server, and applications deployed to it.\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Web Framework Kit 2.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:0763", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Web Framework Kit 2.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, ], }
rhsa-2013:1147
Vulnerability from csaf_redhat
Published
2013-08-08 17:04
Modified
2024-11-22 06:54
Summary
Red Hat Security Advisory: Red Hat JBoss SOA Platform 5.3.1 update
Notes
Topic
Red Hat JBoss SOA Platform 5.3.1 roll up patch 3, which fixes three
security issues and various bugs, is now available from the Red Hat
Customer Portal.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat JBoss SOA Platform is the next-generation ESB and business process
automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage
existing (MoM and EAI), modern (SOA and BPM-Rules), and future (EDA and
CEP) integration methodologies to dramatically improve business process
execution speed and quality.
This roll up patch serves as a cumulative upgrade for Red Hat JBoss SOA
Platform 5.3.1. It includes various bug fixes. The following security
issues are also fixed with this release:
The Jakarta Commons HttpClient component did not verify that the server
hostname matched the domain name in the subject's Common Name (CN) or
subjectAltName field in X.509 certificates. This could allow a
man-in-the-middle attacker to spoof an SSL server if they had a certificate
that was valid for any domain name. (CVE-2012-5783)
A flaw in JRuby's JSON gem allowed remote attacks by creating different
types of malicious objects. For example, it could initiate a denial of
service attack through resource consumption by using a JSON document to
create arbitrary Ruby symbols, which were never garbage collected. It could
also be exploited to create internal objects which could allow a SQL
injection attack. (CVE-2013-0269)
It was discovered that JRuby's REXML library did not properly restrict XML
entity expansion. An attacker could use this flaw to cause a denial of
service by tricking a Ruby application using REXML to read text nodes from
specially-crafted XML content, which will result in REXML consuming large
amounts of system memory. (CVE-2013-1821)
Note: Red Hat JBoss SOA Platform only provides JRuby as a dependency of
the scripting_chain quickstart example application. The CVE-2013-0269 and
CVE-2013-1821 flaws are not exposed unless the version of JRuby shipped
with that quickstart is used by a deployed, custom application.
Red Hat would like to thank Ruby on Rails upstream for reporting
CVE-2013-0269. Upstream acknowledges Thomas Hollstegge of Zweitag and Ben
Murphy as the original reporters of CVE-2013-0269.
Warning: Before applying the update, back up your existing Red Hat JBoss
SOA Platform installation (including its databases, applications,
configuration files, and so on).
All users of Red Hat JBoss SOA Platform 5.3.1 as provided from the Red
Hat Customer Portal are advised to apply this roll up patch.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss SOA Platform 5.3.1 roll up patch 3, which fixes three\nsecurity issues and various bugs, is now available from the Red Hat\nCustomer Portal.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss SOA Platform is the next-generation ESB and business process\nautomation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage\nexisting (MoM and EAI), modern (SOA and BPM-Rules), and future (EDA and\nCEP) integration methodologies to dramatically improve business process\nexecution speed and quality.\n\nThis roll up patch serves as a cumulative upgrade for Red Hat JBoss SOA\nPlatform 5.3.1. It includes various bug fixes. The following security\nissues are also fixed with this release:\n\nThe Jakarta Commons HttpClient component did not verify that the server\nhostname matched the domain name in the subject's Common Name (CN) or\nsubjectAltName field in X.509 certificates. This could allow a\nman-in-the-middle attacker to spoof an SSL server if they had a certificate\nthat was valid for any domain name. (CVE-2012-5783)\n\nA flaw in JRuby's JSON gem allowed remote attacks by creating different\ntypes of malicious objects. For example, it could initiate a denial of\nservice attack through resource consumption by using a JSON document to\ncreate arbitrary Ruby symbols, which were never garbage collected. It could\nalso be exploited to create internal objects which could allow a SQL\ninjection attack. (CVE-2013-0269)\n\nIt was discovered that JRuby's REXML library did not properly restrict XML\nentity expansion. An attacker could use this flaw to cause a denial of\nservice by tricking a Ruby application using REXML to read text nodes from\nspecially-crafted XML content, which will result in REXML consuming large\namounts of system memory. (CVE-2013-1821)\n\nNote: Red Hat JBoss SOA Platform only provides JRuby as a dependency of\nthe scripting_chain quickstart example application. The CVE-2013-0269 and\nCVE-2013-1821 flaws are not exposed unless the version of JRuby shipped\nwith that quickstart is used by a deployed, custom application.\n\nRed Hat would like to thank Ruby on Rails upstream for reporting\nCVE-2013-0269. Upstream acknowledges Thomas Hollstegge of Zweitag and Ben\nMurphy as the original reporters of CVE-2013-0269.\n\nWarning: Before applying the update, back up your existing Red Hat JBoss\nSOA Platform installation (including its databases, applications,\nconfiguration files, and so on).\n\nAll users of Red Hat JBoss SOA Platform 5.3.1 as provided from the Red\nHat Customer Portal are advised to apply this roll up patch.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2013:1147", url: "https://access.redhat.com/errata/RHSA-2013:1147", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform&downloadType=securityPatches&version=5.3.1+GA", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform&downloadType=securityPatches&version=5.3.1+GA", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "909029", url: "https://bugzilla.redhat.com/show_bug.cgi?id=909029", }, { category: "external", summary: "914716", url: "https://bugzilla.redhat.com/show_bug.cgi?id=914716", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_1147.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss SOA Platform 5.3.1 update", tracking: { current_release_date: "2024-11-22T06:54:54+00:00", generator: { date: "2024-11-22T06:54:54+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2013:1147", initial_release_date: "2013-08-08T17:04:00+00:00", revision_history: [ { date: "2013-08-08T17:04:00+00:00", number: "1", summary: "Initial version", }, { date: "2013-08-08T17:07:08+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T06:54:54+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss SOA Platform 5.3", product: { name: "Red Hat JBoss SOA Platform 5.3", product_id: "Red Hat JBoss SOA Platform 5.3", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_soa_platform:5.3", }, }, }, ], category: "product_family", name: "Red Hat JBoss Middleware", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-08-08T17:04:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss SOA Platform\nserver by stopping the JBoss Application Server process before installing\nthis update, and then after installing the update, restart the Red Hat\nJBoss SOA Platform server by starting the JBoss Application Server\nprocess.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1147", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, { acknowledgments: [ { names: [ "Ruby on Rails upstream", ], }, { names: [ "Thomas Hollstegge", ], organization: "Zweitag", summary: "Acknowledged by upstream.", }, { names: [ "Ben Murphy", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2013-0269", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2013-02-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "909029", }, ], notes: [ { category: "description", text: "The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka \"Unsafe Object Creation Vulnerability.\"", title: "Vulnerability description", }, { category: "summary", text: "rubygem-json: Denial of Service and SQL Injection", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite tools ship RubyGem Json 1.4.6 which is earlier than affected 1.5.5 version however, this version of RubyGem is not affected to the flaw. We may update RubyGem in a future release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-0269", }, { category: "external", summary: "RHBZ#909029", url: "https://bugzilla.redhat.com/show_bug.cgi?id=909029", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-0269", url: "https://www.cve.org/CVERecord?id=CVE-2013-0269", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-0269", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-0269", }, { category: "external", summary: "http://www.ruby-lang.org/en/news/2013/02/22/json-dos-cve-2013-0269/", url: "http://www.ruby-lang.org/en/news/2013/02/22/json-dos-cve-2013-0269/", }, ], release_date: "2013-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-08-08T17:04:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss SOA Platform\nserver by stopping the JBoss Application Server process before installing\nthis update, and then after installing the update, restart the Red Hat\nJBoss SOA Platform server by starting the JBoss Application Server\nprocess.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1147", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "rubygem-json: Denial of Service and SQL Injection", }, { cve: "CVE-2013-1821", discovery_date: "2013-02-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "914716", }, ], notes: [ { category: "description", text: "lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.", title: "Vulnerability description", }, { category: "summary", text: "ruby: entity expansion DoS vulnerability in REXML", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss SOA Platform 5.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2013-1821", }, { category: "external", summary: "RHBZ#914716", url: "https://bugzilla.redhat.com/show_bug.cgi?id=914716", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2013-1821", url: "https://www.cve.org/CVERecord?id=CVE-2013-1821", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2013-1821", url: "https://nvd.nist.gov/vuln/detail/CVE-2013-1821", }, { category: "external", summary: "http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/", url: "http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/", }, ], release_date: "2013-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-08-08T17:04:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss SOA Platform\nserver by stopping the JBoss Application Server process before installing\nthis update, and then after installing the update, restart the Red Hat\nJBoss SOA Platform server by starting the JBoss Application Server\nprocess.", product_ids: [ "Red Hat JBoss SOA Platform 5.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:1147", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss SOA Platform 5.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ruby: entity expansion DoS vulnerability in REXML", }, ], }
rhsa-2013:0270
Vulnerability from csaf_redhat
Published
2013-02-19 20:40
Modified
2024-11-14 12:14
Summary
Red Hat Security Advisory: jakarta-commons-httpclient security update
Notes
Topic
Updated jakarta-commons-httpclient packages that fix one security issue are
now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Details
The Jakarta Commons HttpClient component can be used to build HTTP-aware
client applications (such as web browsers and web service clients).
The Jakarta Commons HttpClient component did not verify that the server
hostname matched the domain name in the subject's Common Name (CN) or
subjectAltName field in X.509 certificates. This could allow a
man-in-the-middle attacker to spoof an SSL server if they had a certificate
that was valid for any domain name. (CVE-2012-5783)
All users of jakarta-commons-httpclient are advised to upgrade to these
updated packages, which correct this issue. Applications using the Jakarta
Commons HttpClient component must be restarted for this update to take
effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated jakarta-commons-httpclient packages that fix one security issue are\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.", title: "Topic", }, { category: "general", text: "The Jakarta Commons HttpClient component can be used to build HTTP-aware\nclient applications (such as web browsers and web service clients).\n\nThe Jakarta Commons HttpClient component did not verify that the server\nhostname matched the domain name in the subject's Common Name (CN) or\nsubjectAltName field in X.509 certificates. This could allow a\nman-in-the-middle attacker to spoof an SSL server if they had a certificate\nthat was valid for any domain name. (CVE-2012-5783)\n\nAll users of jakarta-commons-httpclient are advised to upgrade to these\nupdated packages, which correct this issue. Applications using the Jakarta\nCommons HttpClient component must be restarted for this update to take\neffect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2013:0270", url: "https://access.redhat.com/errata/RHSA-2013:0270", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0270.json", }, ], title: "Red Hat Security Advisory: jakarta-commons-httpclient security update", tracking: { current_release_date: "2024-11-14T12:14:21+00:00", generator: { date: "2024-11-14T12:14:21+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.0", }, }, id: "RHSA-2013:0270", initial_release_date: "2013-02-19T20:40:00+00:00", revision_history: [ { date: "2013-02-19T20:40:00+00:00", number: "1", summary: "Initial version", }, { date: "2013-02-19T22:20:31+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-14T12:14:21+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux (v. 5 server)", product: { name: "Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:5::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Desktop (v. 6)", product: { name: "Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Desktop Optional (v. 6)", product: { name: "Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux HPC Node (v. 6)", product: { name: "Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::computenode", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux HPC Node Optional (v. 6)", product: { name: "Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::computenode", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server (v. 6)", product: { name: "Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server Optional (v. 6)", product: { name: "Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation (v. 6)", product: { name: "Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::workstation", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation Optional (v. 6)", product: { name: "Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::workstation", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.s390x", product: { name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.s390x", product_id: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-debuginfo@3.0-7jpp.2?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.s390x", product: { name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.s390x", product_id: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-javadoc@3.0-7jpp.2?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.s390x", product: { name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.s390x", product_id: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-demo@3.0-7jpp.2?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.s390x", product: { name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.s390x", product_id: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-manual@3.0-7jpp.2?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.0-7jpp.2.s390x", product: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.s390x", product_id: "jakarta-commons-httpclient-1:3.0-7jpp.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.0-7jpp.2?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", product: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", product_id: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-javadoc@3.1-0.7.el6_3?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", product: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", product_id: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-manual@3.1-0.7.el6_3?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", product: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", product_id: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-debuginfo@3.1-0.7.el6_3?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", product: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", product_id: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-demo@3.1-0.7.el6_3?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", product: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", product_id: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-0.7.el6_3?arch=s390x&epoch=1", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ia64", product: { name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ia64", product_id: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-debuginfo@3.0-7jpp.2?arch=ia64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ia64", product: { name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ia64", product_id: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-javadoc@3.0-7jpp.2?arch=ia64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ia64", product: { name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ia64", product_id: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-demo@3.0-7jpp.2?arch=ia64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ia64", product: { name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ia64", product_id: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-manual@3.0-7jpp.2?arch=ia64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.0-7jpp.2.ia64", product: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.ia64", product_id: "jakarta-commons-httpclient-1:3.0-7jpp.2.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.0-7jpp.2?arch=ia64&epoch=1", }, }, }, ], category: "architecture", name: "ia64", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.x86_64", product: { name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.x86_64", product_id: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-debuginfo@3.0-7jpp.2?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.x86_64", product: { name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.x86_64", product_id: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-javadoc@3.0-7jpp.2?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.x86_64", product: { name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.x86_64", product_id: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-demo@3.0-7jpp.2?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.x86_64", product: { name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.x86_64", product_id: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-manual@3.0-7jpp.2?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.0-7jpp.2.x86_64", product: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.x86_64", product_id: "jakarta-commons-httpclient-1:3.0-7jpp.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.0-7jpp.2?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", product: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", product_id: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-debuginfo@3.1-0.7.el6_3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", product: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", product_id: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-0.7.el6_3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", product: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", product_id: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-javadoc@3.1-0.7.el6_3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", product: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", product_id: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-manual@3.1-0.7.el6_3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", product: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", product_id: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-demo@3.1-0.7.el6_3?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ppc", product: { name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ppc", product_id: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-debuginfo@3.0-7jpp.2?arch=ppc&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ppc", product: { name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ppc", product_id: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-javadoc@3.0-7jpp.2?arch=ppc&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ppc", product: { name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ppc", product_id: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-demo@3.0-7jpp.2?arch=ppc&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ppc", product: { name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ppc", product_id: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-manual@3.0-7jpp.2?arch=ppc&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.0-7jpp.2.ppc", product: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.ppc", product_id: "jakarta-commons-httpclient-1:3.0-7jpp.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.0-7jpp.2?arch=ppc&epoch=1", }, }, }, ], category: "architecture", name: "ppc", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.i386", product: { name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.i386", product_id: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-debuginfo@3.0-7jpp.2?arch=i386&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.i386", product: { name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.i386", product_id: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-javadoc@3.0-7jpp.2?arch=i386&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.i386", product: { name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.i386", product_id: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-demo@3.0-7jpp.2?arch=i386&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.i386", product: { name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.i386", product_id: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-manual@3.0-7jpp.2?arch=i386&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.0-7jpp.2.i386", product: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.i386", product_id: "jakarta-commons-httpclient-1:3.0-7jpp.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.0-7jpp.2?arch=i386&epoch=1", }, }, }, ], category: "architecture", name: "i386", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-1:3.0-7jpp.2.src", product: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.src", product_id: "jakarta-commons-httpclient-1:3.0-7jpp.2.src", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.0-7jpp.2?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", product: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", product_id: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-0.7.el6_3?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", product: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", product_id: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-debuginfo@3.1-0.7.el6_3?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", product: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", product_id: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-0.7.el6_3?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", product: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", product_id: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-javadoc@3.1-0.7.el6_3?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", product: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", product_id: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-manual@3.1-0.7.el6_3?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", product: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", product_id: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-demo@3.1-0.7.el6_3?arch=i686&epoch=1", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", product: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", product_id: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-javadoc@3.1-0.7.el6_3?arch=ppc64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", product: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", product_id: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-manual@3.1-0.7.el6_3?arch=ppc64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", product: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", product_id: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-debuginfo@3.1-0.7.el6_3?arch=ppc64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", product: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", product_id: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-demo@3.1-0.7.el6_3?arch=ppc64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", product: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", product_id: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-0.7.el6_3?arch=ppc64&epoch=1", }, }, }, ], category: "architecture", name: "ppc64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.i386", }, product_reference: "jakarta-commons-httpclient-1:3.0-7jpp.2.i386", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.ia64", }, product_reference: "jakarta-commons-httpclient-1:3.0-7jpp.2.ia64", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.ppc", }, product_reference: "jakarta-commons-httpclient-1:3.0-7jpp.2.ppc", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.s390x", }, product_reference: "jakarta-commons-httpclient-1:3.0-7jpp.2.s390x", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.src as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.src", }, product_reference: "jakarta-commons-httpclient-1:3.0-7jpp.2.src", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.x86_64", }, product_reference: "jakarta-commons-httpclient-1:3.0-7jpp.2.x86_64", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.i386", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.i386", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ia64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ia64", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ppc", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ppc", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.s390x", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.s390x", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.x86_64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.x86_64", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.i386", }, product_reference: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.i386", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ia64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ia64", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ppc", }, product_reference: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ppc", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.s390x", }, product_reference: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.s390x", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.x86_64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.x86_64", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.i386", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.i386", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ia64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ia64", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ppc", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ppc", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.s390x", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.s390x", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.x86_64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.x86_64", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.i386", }, product_reference: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.i386", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ia64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ia64", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ppc", }, product_reference: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ppc", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.s390x", }, product_reference: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.s390x", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.x86_64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.x86_64", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Workstation-optional-6.3.z", }, ], }, vulnerabilities: [ { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.src", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-02-19T20:40:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", product_ids: [ "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.src", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:0270", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.src", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, ], }
rhsa-2013_0270
Vulnerability from csaf_redhat
Published
2013-02-19 20:40
Modified
2024-11-14 12:14
Summary
Red Hat Security Advisory: jakarta-commons-httpclient security update
Notes
Topic
Updated jakarta-commons-httpclient packages that fix one security issue are
now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Details
The Jakarta Commons HttpClient component can be used to build HTTP-aware
client applications (such as web browsers and web service clients).
The Jakarta Commons HttpClient component did not verify that the server
hostname matched the domain name in the subject's Common Name (CN) or
subjectAltName field in X.509 certificates. This could allow a
man-in-the-middle attacker to spoof an SSL server if they had a certificate
that was valid for any domain name. (CVE-2012-5783)
All users of jakarta-commons-httpclient are advised to upgrade to these
updated packages, which correct this issue. Applications using the Jakarta
Commons HttpClient component must be restarted for this update to take
effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated jakarta-commons-httpclient packages that fix one security issue are\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.", title: "Topic", }, { category: "general", text: "The Jakarta Commons HttpClient component can be used to build HTTP-aware\nclient applications (such as web browsers and web service clients).\n\nThe Jakarta Commons HttpClient component did not verify that the server\nhostname matched the domain name in the subject's Common Name (CN) or\nsubjectAltName field in X.509 certificates. This could allow a\nman-in-the-middle attacker to spoof an SSL server if they had a certificate\nthat was valid for any domain name. (CVE-2012-5783)\n\nAll users of jakarta-commons-httpclient are advised to upgrade to these\nupdated packages, which correct this issue. Applications using the Jakarta\nCommons HttpClient component must be restarted for this update to take\neffect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2013:0270", url: "https://access.redhat.com/errata/RHSA-2013:0270", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0270.json", }, ], title: "Red Hat Security Advisory: jakarta-commons-httpclient security update", tracking: { current_release_date: "2024-11-14T12:14:21+00:00", generator: { date: "2024-11-14T12:14:21+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.0", }, }, id: "RHSA-2013:0270", initial_release_date: "2013-02-19T20:40:00+00:00", revision_history: [ { date: "2013-02-19T20:40:00+00:00", number: "1", summary: "Initial version", }, { date: "2013-02-19T22:20:31+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-14T12:14:21+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux (v. 5 server)", product: { name: "Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:5::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Desktop (v. 6)", product: { name: "Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Desktop Optional (v. 6)", product: { name: "Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux HPC Node (v. 6)", product: { name: "Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::computenode", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux HPC Node Optional (v. 6)", product: { name: "Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::computenode", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server (v. 6)", product: { name: "Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server Optional (v. 6)", product: { name: "Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation (v. 6)", product: { name: "Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::workstation", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation Optional (v. 6)", product: { name: "Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::workstation", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.s390x", product: { name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.s390x", product_id: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-debuginfo@3.0-7jpp.2?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.s390x", product: { name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.s390x", product_id: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-javadoc@3.0-7jpp.2?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.s390x", product: { name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.s390x", product_id: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-demo@3.0-7jpp.2?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.s390x", product: { name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.s390x", product_id: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-manual@3.0-7jpp.2?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.0-7jpp.2.s390x", product: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.s390x", product_id: "jakarta-commons-httpclient-1:3.0-7jpp.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.0-7jpp.2?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", product: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", product_id: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-javadoc@3.1-0.7.el6_3?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", product: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", product_id: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-manual@3.1-0.7.el6_3?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", product: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", product_id: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-debuginfo@3.1-0.7.el6_3?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", product: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", product_id: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-demo@3.1-0.7.el6_3?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", product: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", product_id: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-0.7.el6_3?arch=s390x&epoch=1", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ia64", product: { name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ia64", product_id: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-debuginfo@3.0-7jpp.2?arch=ia64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ia64", product: { name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ia64", product_id: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-javadoc@3.0-7jpp.2?arch=ia64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ia64", product: { name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ia64", product_id: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-demo@3.0-7jpp.2?arch=ia64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ia64", product: { name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ia64", product_id: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-manual@3.0-7jpp.2?arch=ia64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.0-7jpp.2.ia64", product: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.ia64", product_id: "jakarta-commons-httpclient-1:3.0-7jpp.2.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.0-7jpp.2?arch=ia64&epoch=1", }, }, }, ], category: "architecture", name: "ia64", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.x86_64", product: { name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.x86_64", product_id: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-debuginfo@3.0-7jpp.2?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.x86_64", product: { name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.x86_64", product_id: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-javadoc@3.0-7jpp.2?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.x86_64", product: { name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.x86_64", product_id: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-demo@3.0-7jpp.2?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.x86_64", product: { name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.x86_64", product_id: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-manual@3.0-7jpp.2?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.0-7jpp.2.x86_64", product: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.x86_64", product_id: "jakarta-commons-httpclient-1:3.0-7jpp.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.0-7jpp.2?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", product: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", product_id: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-debuginfo@3.1-0.7.el6_3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", product: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", product_id: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-0.7.el6_3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", product: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", product_id: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-javadoc@3.1-0.7.el6_3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", product: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", product_id: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-manual@3.1-0.7.el6_3?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", product: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", product_id: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-demo@3.1-0.7.el6_3?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ppc", product: { name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ppc", product_id: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-debuginfo@3.0-7jpp.2?arch=ppc&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ppc", product: { name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ppc", product_id: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-javadoc@3.0-7jpp.2?arch=ppc&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ppc", product: { name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ppc", product_id: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-demo@3.0-7jpp.2?arch=ppc&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ppc", product: { name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ppc", product_id: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-manual@3.0-7jpp.2?arch=ppc&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.0-7jpp.2.ppc", product: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.ppc", product_id: "jakarta-commons-httpclient-1:3.0-7jpp.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.0-7jpp.2?arch=ppc&epoch=1", }, }, }, ], category: "architecture", name: "ppc", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.i386", product: { name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.i386", product_id: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-debuginfo@3.0-7jpp.2?arch=i386&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.i386", product: { name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.i386", product_id: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-javadoc@3.0-7jpp.2?arch=i386&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.i386", product: { name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.i386", product_id: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-demo@3.0-7jpp.2?arch=i386&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.i386", product: { name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.i386", product_id: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-manual@3.0-7jpp.2?arch=i386&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.0-7jpp.2.i386", product: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.i386", product_id: "jakarta-commons-httpclient-1:3.0-7jpp.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.0-7jpp.2?arch=i386&epoch=1", }, }, }, ], category: "architecture", name: "i386", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-1:3.0-7jpp.2.src", product: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.src", product_id: "jakarta-commons-httpclient-1:3.0-7jpp.2.src", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.0-7jpp.2?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", product: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", product_id: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-0.7.el6_3?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", product: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", product_id: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-debuginfo@3.1-0.7.el6_3?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", product: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", product_id: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-0.7.el6_3?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", product: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", product_id: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-javadoc@3.1-0.7.el6_3?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", product: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", product_id: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-manual@3.1-0.7.el6_3?arch=i686&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", product: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", product_id: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-demo@3.1-0.7.el6_3?arch=i686&epoch=1", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", product: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", product_id: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-javadoc@3.1-0.7.el6_3?arch=ppc64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", product: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", product_id: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-manual@3.1-0.7.el6_3?arch=ppc64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", product: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", product_id: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-debuginfo@3.1-0.7.el6_3?arch=ppc64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", product: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", product_id: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient-demo@3.1-0.7.el6_3?arch=ppc64&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", product: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", product_id: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-0.7.el6_3?arch=ppc64&epoch=1", }, }, }, ], category: "architecture", name: "ppc64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.i386", }, product_reference: "jakarta-commons-httpclient-1:3.0-7jpp.2.i386", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.ia64", }, product_reference: "jakarta-commons-httpclient-1:3.0-7jpp.2.ia64", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.ppc", }, product_reference: "jakarta-commons-httpclient-1:3.0-7jpp.2.ppc", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.s390x", }, product_reference: "jakarta-commons-httpclient-1:3.0-7jpp.2.s390x", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.src as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.src", }, product_reference: "jakarta-commons-httpclient-1:3.0-7jpp.2.src", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.0-7jpp.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.x86_64", }, product_reference: "jakarta-commons-httpclient-1:3.0-7jpp.2.x86_64", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.i386", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.i386", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ia64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ia64", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ppc", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ppc", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.s390x", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.s390x", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.x86_64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.x86_64", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.i386", }, product_reference: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.i386", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ia64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ia64", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ppc", }, product_reference: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ppc", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.s390x", }, product_reference: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.s390x", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.x86_64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.0-7jpp.2.x86_64", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.i386", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.i386", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ia64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ia64", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ppc", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ppc", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.s390x", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.s390x", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.x86_64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.x86_64", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.i386", }, product_reference: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.i386", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ia64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ia64", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ppc", }, product_reference: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ppc", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.s390x", }, product_reference: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.s390x", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.x86_64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.0-7jpp.2.x86_64", relates_to_product_reference: "5Server-5.9.Z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Client-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", product_id: "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Client-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", product_id: "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6ComputeNode-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", product_id: "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6ComputeNode-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Server-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Server-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Workstation-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", relates_to_product_reference: "6Workstation-optional-6.3.z", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", product_id: "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", }, product_reference: "jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", relates_to_product_reference: "6Workstation-optional-6.3.z", }, ], }, vulnerabilities: [ { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.src", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-02-19T20:40:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", product_ids: [ "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.src", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:0270", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.src", "5Server-5.9.Z:jakarta-commons-httpclient-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-demo-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-javadoc-1:3.0-7jpp.2.x86_64", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.i386", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ia64", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.ppc", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.s390x", "5Server-5.9.Z:jakarta-commons-httpclient-manual-1:3.0-7jpp.2.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Client-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Client-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Client-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Client-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6ComputeNode-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6ComputeNode-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6ComputeNode-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Server-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Server-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Server-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Server-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Workstation-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Workstation-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.src", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-debuginfo-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-demo-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-javadoc-1:3.1-0.7.el6_3.x86_64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.i686", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.ppc64", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.s390x", "6Workstation-optional-6.3.z:jakarta-commons-httpclient-manual-1:3.1-0.7.el6_3.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, ], }
RHSA-2013:0763
Vulnerability from csaf_redhat
Published
2013-04-22 21:17
Modified
2024-11-14 12:15
Summary
Red Hat Security Advisory: JBoss Web Framework Kit 2.2.0 update
Notes
Topic
JBoss Web Framework Kit 2.2.0, which fixes two security issues, various
bugs, and adds enhancements is now available from the Red Hat
Customer Portal.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
The JBoss Web Framework Kit combines popular open source web frameworks
into a single solution for Java applications.
This release of JBoss Web Framework Kit 2.2.0 serves as a replacement for
JBoss Web Framework Kit 2.1.0. It includes various bug fixes and
enhancements which are detailed in the JBoss Web Framework Kit 2.2.0
Release Notes. The Release Notes will be available shortly from
https://access.redhat.com/site/documentation/
This release also fixes the following security issues:
A flaw was found in the way the Apache Xerces2 Java Parser processed the
SYSTEM identifier in DTDs. A remote attacker could provide a
specially-crafted XML file, which once parsed by an application using the
Apache Xerces2 Java Parser, would lead to a denial of service (application
hang due to excessive CPU use). (CVE-2009-2625)
Note: Seam and RichFaces used the xerces:xercesImpl:2.9.1-patch01 artifact,
which is vulnerable to the CVE-2009-2625 flaw. In this release, the
artifact has been replaced with xerces:xercesImpl:2.9.1-redhat-3, which is
not vulnerable.
The Jakarta Commons HttpClient component did not verify that the server
hostname matched the domain name in the subject's Common Name (CN) or
subjectAltName field in X.509 certificates. This could allow a
man-in-the-middle attacker to spoof an SSL server if they had a certificate
that was valid for any domain name. (CVE-2012-5783)
Note: Jakarta Commons HttpClient 3 is vulnerable to CVE-2012-5783. Jakarta
Commons HttpClient 3 has reached its end of life as an Apache-maintained
component, and no upstream build is available that addresses this flaw. The
version of Jakarta Commons HttpClient 3 that ships with JBoss Web Framework
Kit 2.2.0 includes a patch for this flaw, which has been built by Red Hat.
Versions that are consumed from Maven Central do not have this patch
applied.
Jakarta Commons HttpClient 3 is a transitive dependency for multiple
components included in JBoss Web Framework Kit 2.2.0. If this dependency is
resolved using a build of HttpClient 3 from Maven Central, then this flaw
may be exposed.
Warning: Before applying this update, back up your existing installation of
JBoss Enterprise Application Platform or JBoss Enterprise Web Server, and
applications deployed to it.
All users of JBoss Web Framework Kit 2.1.0 as provided from the Red Hat
Customer Portal are advised to upgrade to JBoss Web Framework Kit 2.2.0.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "JBoss Web Framework Kit 2.2.0, which fixes two security issues, various\nbugs, and adds enhancements is now available from the Red Hat\nCustomer Portal.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", title: "Topic", }, { category: "general", text: "The JBoss Web Framework Kit combines popular open source web frameworks\ninto a single solution for Java applications.\n\nThis release of JBoss Web Framework Kit 2.2.0 serves as a replacement for\nJBoss Web Framework Kit 2.1.0. It includes various bug fixes and\nenhancements which are detailed in the JBoss Web Framework Kit 2.2.0\nRelease Notes. The Release Notes will be available shortly from\nhttps://access.redhat.com/site/documentation/\n\nThis release also fixes the following security issues:\n\nA flaw was found in the way the Apache Xerces2 Java Parser processed the\nSYSTEM identifier in DTDs. A remote attacker could provide a\nspecially-crafted XML file, which once parsed by an application using the\nApache Xerces2 Java Parser, would lead to a denial of service (application\nhang due to excessive CPU use). (CVE-2009-2625)\n\nNote: Seam and RichFaces used the xerces:xercesImpl:2.9.1-patch01 artifact,\nwhich is vulnerable to the CVE-2009-2625 flaw. In this release, the\nartifact has been replaced with xerces:xercesImpl:2.9.1-redhat-3, which is\nnot vulnerable.\n\nThe Jakarta Commons HttpClient component did not verify that the server\nhostname matched the domain name in the subject's Common Name (CN) or\nsubjectAltName field in X.509 certificates. This could allow a\nman-in-the-middle attacker to spoof an SSL server if they had a certificate\nthat was valid for any domain name. (CVE-2012-5783)\n\nNote: Jakarta Commons HttpClient 3 is vulnerable to CVE-2012-5783. Jakarta\nCommons HttpClient 3 has reached its end of life as an Apache-maintained\ncomponent, and no upstream build is available that addresses this flaw. The\nversion of Jakarta Commons HttpClient 3 that ships with JBoss Web Framework\nKit 2.2.0 includes a patch for this flaw, which has been built by Red Hat.\nVersions that are consumed from Maven Central do not have this patch\napplied.\n\nJakarta Commons HttpClient 3 is a transitive dependency for multiple\ncomponents included in JBoss Web Framework Kit 2.2.0. If this dependency is\nresolved using a build of HttpClient 3 from Maven Central, then this flaw\nmay be exposed.\n\nWarning: Before applying this update, back up your existing installation of\nJBoss Enterprise Application Platform or JBoss Enterprise Web Server, and\napplications deployed to it.\n\nAll users of JBoss Web Framework Kit 2.1.0 as provided from the Red Hat\nCustomer Portal are advised to upgrade to JBoss Web Framework Kit 2.2.0.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2013:0763", url: "https://access.redhat.com/errata/RHSA-2013:0763", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=web.framework.kit&downloadType=distributions", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=web.framework.kit&downloadType=distributions", }, { category: "external", summary: "https://access.redhat.com/site/documentation/", url: "https://access.redhat.com/site/documentation/", }, { category: "external", summary: "512921", url: "https://bugzilla.redhat.com/show_bug.cgi?id=512921", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0763.json", }, ], title: "Red Hat Security Advisory: JBoss Web Framework Kit 2.2.0 update", tracking: { current_release_date: "2024-11-14T12:15:06+00:00", generator: { date: "2024-11-14T12:15:06+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.0", }, }, id: "RHSA-2013:0763", initial_release_date: "2013-04-22T21:17:00+00:00", revision_history: [ { date: "2013-04-22T21:17:00+00:00", number: "1", summary: "Initial version", }, { date: "2013-04-22T21:25:28+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-14T12:15:06+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Framework Kit 2.2", product: { name: "Red Hat JBoss Web Framework Kit 2.2", product_id: "Red Hat JBoss Web Framework Kit 2.2", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_framework:2.2.0", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Framework Kit", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2009-2625", discovery_date: "2009-07-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "512921", }, ], notes: [ { category: "description", text: "XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.", title: "Vulnerability description", }, { category: "summary", text: "JDK: XML parsing Denial-Of-Service (6845701)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Framework Kit 2.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-2625", }, { category: "external", summary: "RHBZ#512921", url: "https://bugzilla.redhat.com/show_bug.cgi?id=512921", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-2625", url: "https://www.cve.org/CVERecord?id=CVE-2009-2625", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-2625", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-2625", }, ], release_date: "2009-08-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-04-22T21:17:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting installation of JBoss Enterprise Application Platform or JBoss\nEnterprise Web Server, and applications deployed to it.\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Web Framework Kit 2.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:0763", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss Web Framework Kit 2.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "JDK: XML parsing Denial-Of-Service (6845701)", }, { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Framework Kit 2.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-04-22T21:17:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting installation of JBoss Enterprise Application Platform or JBoss\nEnterprise Web Server, and applications deployed to it.\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Web Framework Kit 2.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:0763", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Web Framework Kit 2.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, ], }
rhsa-2014_0224
Vulnerability from csaf_redhat
Published
2014-02-27 18:33
Modified
2024-11-14 12:15
Summary
Red Hat Security Advisory: redhat-support-plugin-rhev security update
Notes
Topic
An updated redhat-support-plugin-rhev package that fixes one security issue
is now available.
The Red Hat Security Response Team has rated this update as having Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Details
The Red Hat Support plug-in for Red Hat Enterprise Virtualization is a new
feature which offers seamless integrated access to Red Hat Access services
from the Red Hat Enterprise Virtualization Administration Portal. The
plug-in provides automated functionality that enables quicker help,
answers, and proactive services. It offers easy and instant access to Red
Hat exclusive knowledge, resources, engagement, and diagnostic features.
Detailed information about this plug-in can be found in the Red Hat
Customer Portal at https://access.redhat.com/site/articles/425603
The Jakarta Commons HttpClient component did not verify that the server
hostname matched the domain name in the subject's Common Name (CN) or
subjectAltName field in X.509 certificates. This could allow a
man-in-the-middle attacker to spoof an SSL server if they had a certificate
that was valid for any domain name. (CVE-2012-5783)
All users of the Red Hat Support plug-in on Red Hat Enterprise
Virtualization Manager are advised to install this updated package, which
fixes this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An updated redhat-support-plugin-rhev package that fixes one security issue\nis now available.\n\nThe Red Hat Security Response Team has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.", title: "Topic", }, { category: "general", text: "The Red Hat Support plug-in for Red Hat Enterprise Virtualization is a new\nfeature which offers seamless integrated access to Red Hat Access services\nfrom the Red Hat Enterprise Virtualization Administration Portal. The\nplug-in provides automated functionality that enables quicker help,\nanswers, and proactive services. It offers easy and instant access to Red\nHat exclusive knowledge, resources, engagement, and diagnostic features.\n\nDetailed information about this plug-in can be found in the Red Hat\nCustomer Portal at https://access.redhat.com/site/articles/425603\n\nThe Jakarta Commons HttpClient component did not verify that the server\nhostname matched the domain name in the subject's Common Name (CN) or\nsubjectAltName field in X.509 certificates. This could allow a\nman-in-the-middle attacker to spoof an SSL server if they had a certificate\nthat was valid for any domain name. (CVE-2012-5783)\n\nAll users of the Red Hat Support plug-in on Red Hat Enterprise\nVirtualization Manager are advised to install this updated package, which\nfixes this issue.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2014:0224", url: "https://access.redhat.com/errata/RHSA-2014:0224", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/site/articles/425603", url: "https://access.redhat.com/site/articles/425603", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0224.json", }, ], title: "Red Hat Security Advisory: redhat-support-plugin-rhev security update", tracking: { current_release_date: "2024-11-14T12:15:48+00:00", generator: { date: "2024-11-14T12:15:48+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.0", }, }, id: "RHSA-2014:0224", initial_release_date: "2014-02-27T18:33:22+00:00", revision_history: [ { date: "2014-02-27T18:33:22+00:00", number: "1", summary: "Initial version", }, { date: "2014-02-27T18:33:22+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-14T12:15:48+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHEV-M 3.3", product: { name: "RHEV-M 3.3", product_id: "6Server-RHEV-S-3.3", product_identification_helper: { cpe: "cpe:/a:redhat:rhev_manager:3", }, }, }, ], category: "product_family", name: "Red Hat Virtualization", }, { branches: [ { category: "product_version", name: "redhat-support-plugin-rhev-0:3.3.0-14.el6ev.noarch", product: { name: "redhat-support-plugin-rhev-0:3.3.0-14.el6ev.noarch", product_id: "redhat-support-plugin-rhev-0:3.3.0-14.el6ev.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/redhat-support-plugin-rhev@3.3.0-14.el6ev?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "redhat-support-plugin-rhev-0:3.3.0-14.el6ev.src", product: { name: "redhat-support-plugin-rhev-0:3.3.0-14.el6ev.src", product_id: "redhat-support-plugin-rhev-0:3.3.0-14.el6ev.src", product_identification_helper: { purl: "pkg:rpm/redhat/redhat-support-plugin-rhev@3.3.0-14.el6ev?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "redhat-support-plugin-rhev-0:3.3.0-14.el6ev.noarch as a component of RHEV-M 3.3", product_id: "6Server-RHEV-S-3.3:redhat-support-plugin-rhev-0:3.3.0-14.el6ev.noarch", }, product_reference: "redhat-support-plugin-rhev-0:3.3.0-14.el6ev.noarch", relates_to_product_reference: "6Server-RHEV-S-3.3", }, { category: "default_component_of", full_product_name: { name: "redhat-support-plugin-rhev-0:3.3.0-14.el6ev.src as a component of RHEV-M 3.3", product_id: "6Server-RHEV-S-3.3:redhat-support-plugin-rhev-0:3.3.0-14.el6ev.src", }, product_reference: "redhat-support-plugin-rhev-0:3.3.0-14.el6ev.src", relates_to_product_reference: "6Server-RHEV-S-3.3", }, ], }, vulnerabilities: [ { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHEV-S-3.3:redhat-support-plugin-rhev-0:3.3.0-14.el6ev.noarch", "6Server-RHEV-S-3.3:redhat-support-plugin-rhev-0:3.3.0-14.el6ev.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-02-27T18:33:22+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", product_ids: [ "6Server-RHEV-S-3.3:redhat-support-plugin-rhev-0:3.3.0-14.el6ev.noarch", "6Server-RHEV-S-3.3:redhat-support-plugin-rhev-0:3.3.0-14.el6ev.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0224", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "6Server-RHEV-S-3.3:redhat-support-plugin-rhev-0:3.3.0-14.el6ev.noarch", "6Server-RHEV-S-3.3:redhat-support-plugin-rhev-0:3.3.0-14.el6ev.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, ], }
RHSA-2014:0224
Vulnerability from csaf_redhat
Published
2014-02-27 18:33
Modified
2024-11-14 12:15
Summary
Red Hat Security Advisory: redhat-support-plugin-rhev security update
Notes
Topic
An updated redhat-support-plugin-rhev package that fixes one security issue
is now available.
The Red Hat Security Response Team has rated this update as having Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Details
The Red Hat Support plug-in for Red Hat Enterprise Virtualization is a new
feature which offers seamless integrated access to Red Hat Access services
from the Red Hat Enterprise Virtualization Administration Portal. The
plug-in provides automated functionality that enables quicker help,
answers, and proactive services. It offers easy and instant access to Red
Hat exclusive knowledge, resources, engagement, and diagnostic features.
Detailed information about this plug-in can be found in the Red Hat
Customer Portal at https://access.redhat.com/site/articles/425603
The Jakarta Commons HttpClient component did not verify that the server
hostname matched the domain name in the subject's Common Name (CN) or
subjectAltName field in X.509 certificates. This could allow a
man-in-the-middle attacker to spoof an SSL server if they had a certificate
that was valid for any domain name. (CVE-2012-5783)
All users of the Red Hat Support plug-in on Red Hat Enterprise
Virtualization Manager are advised to install this updated package, which
fixes this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An updated redhat-support-plugin-rhev package that fixes one security issue\nis now available.\n\nThe Red Hat Security Response Team has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.", title: "Topic", }, { category: "general", text: "The Red Hat Support plug-in for Red Hat Enterprise Virtualization is a new\nfeature which offers seamless integrated access to Red Hat Access services\nfrom the Red Hat Enterprise Virtualization Administration Portal. The\nplug-in provides automated functionality that enables quicker help,\nanswers, and proactive services. It offers easy and instant access to Red\nHat exclusive knowledge, resources, engagement, and diagnostic features.\n\nDetailed information about this plug-in can be found in the Red Hat\nCustomer Portal at https://access.redhat.com/site/articles/425603\n\nThe Jakarta Commons HttpClient component did not verify that the server\nhostname matched the domain name in the subject's Common Name (CN) or\nsubjectAltName field in X.509 certificates. This could allow a\nman-in-the-middle attacker to spoof an SSL server if they had a certificate\nthat was valid for any domain name. (CVE-2012-5783)\n\nAll users of the Red Hat Support plug-in on Red Hat Enterprise\nVirtualization Manager are advised to install this updated package, which\nfixes this issue.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2014:0224", url: "https://access.redhat.com/errata/RHSA-2014:0224", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/site/articles/425603", url: "https://access.redhat.com/site/articles/425603", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0224.json", }, ], title: "Red Hat Security Advisory: redhat-support-plugin-rhev security update", tracking: { current_release_date: "2024-11-14T12:15:48+00:00", generator: { date: "2024-11-14T12:15:48+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.0", }, }, id: "RHSA-2014:0224", initial_release_date: "2014-02-27T18:33:22+00:00", revision_history: [ { date: "2014-02-27T18:33:22+00:00", number: "1", summary: "Initial version", }, { date: "2014-02-27T18:33:22+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-14T12:15:48+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHEV-M 3.3", product: { name: "RHEV-M 3.3", product_id: "6Server-RHEV-S-3.3", product_identification_helper: { cpe: "cpe:/a:redhat:rhev_manager:3", }, }, }, ], category: "product_family", name: "Red Hat Virtualization", }, { branches: [ { category: "product_version", name: "redhat-support-plugin-rhev-0:3.3.0-14.el6ev.noarch", product: { name: "redhat-support-plugin-rhev-0:3.3.0-14.el6ev.noarch", product_id: "redhat-support-plugin-rhev-0:3.3.0-14.el6ev.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/redhat-support-plugin-rhev@3.3.0-14.el6ev?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "redhat-support-plugin-rhev-0:3.3.0-14.el6ev.src", product: { name: "redhat-support-plugin-rhev-0:3.3.0-14.el6ev.src", product_id: "redhat-support-plugin-rhev-0:3.3.0-14.el6ev.src", product_identification_helper: { purl: "pkg:rpm/redhat/redhat-support-plugin-rhev@3.3.0-14.el6ev?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "redhat-support-plugin-rhev-0:3.3.0-14.el6ev.noarch as a component of RHEV-M 3.3", product_id: "6Server-RHEV-S-3.3:redhat-support-plugin-rhev-0:3.3.0-14.el6ev.noarch", }, product_reference: "redhat-support-plugin-rhev-0:3.3.0-14.el6ev.noarch", relates_to_product_reference: "6Server-RHEV-S-3.3", }, { category: "default_component_of", full_product_name: { name: "redhat-support-plugin-rhev-0:3.3.0-14.el6ev.src as a component of RHEV-M 3.3", product_id: "6Server-RHEV-S-3.3:redhat-support-plugin-rhev-0:3.3.0-14.el6ev.src", }, product_reference: "redhat-support-plugin-rhev-0:3.3.0-14.el6ev.src", relates_to_product_reference: "6Server-RHEV-S-3.3", }, ], }, vulnerabilities: [ { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHEV-S-3.3:redhat-support-plugin-rhev-0:3.3.0-14.el6ev.noarch", "6Server-RHEV-S-3.3:redhat-support-plugin-rhev-0:3.3.0-14.el6ev.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-02-27T18:33:22+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", product_ids: [ "6Server-RHEV-S-3.3:redhat-support-plugin-rhev-0:3.3.0-14.el6ev.noarch", "6Server-RHEV-S-3.3:redhat-support-plugin-rhev-0:3.3.0-14.el6ev.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:0224", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "6Server-RHEV-S-3.3:redhat-support-plugin-rhev-0:3.3.0-14.el6ev.noarch", "6Server-RHEV-S-3.3:redhat-support-plugin-rhev-0:3.3.0-14.el6ev.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, ], }
rhsa-2013_0680
Vulnerability from csaf_redhat
Published
2013-03-25 17:04
Modified
2024-11-14 12:15
Summary
Red Hat Security Advisory: jakarta-commons-httpclient security update
Notes
Topic
An updated jakarta-commons-httpclient package for JBoss Enterprise
Application Platform 5.2.0 which fixes one security issue is now available
for Red Hat Enterprise Linux 4, 5, and 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Details
The Jakarta Commons HttpClient component can be used to build HTTP-aware
client applications (such as web browsers and web service clients).
The Jakarta Commons HttpClient component did not verify that the server
hostname matched the domain name in the subject's Common Name (CN) or
subjectAltName field in X.509 certificates. This could allow a
man-in-the-middle attacker to spoof an SSL server if they had a certificate
that was valid for any domain name. (CVE-2012-5783)
Warning: Before applying this update, back up your existing JBoss
Enterprise Application Platform installation (including all applications
and configuration files).
All users of JBoss Enterprise Application Platform 5.2.0 on Red Hat
Enterprise Linux 4, 5, and 6 are advised to upgrade to this updated
package. The JBoss server process must be restarted for the update to take
effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An updated jakarta-commons-httpclient package for JBoss Enterprise\nApplication Platform 5.2.0 which fixes one security issue is now available\nfor Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.", title: "Topic", }, { category: "general", text: "The Jakarta Commons HttpClient component can be used to build HTTP-aware\nclient applications (such as web browsers and web service clients).\n\nThe Jakarta Commons HttpClient component did not verify that the server\nhostname matched the domain name in the subject's Common Name (CN) or\nsubjectAltName field in X.509 certificates. This could allow a\nman-in-the-middle attacker to spoof an SSL server if they had a certificate\nthat was valid for any domain name. (CVE-2012-5783)\n\nWarning: Before applying this update, back up your existing JBoss\nEnterprise Application Platform installation (including all applications\nand configuration files).\n\nAll users of JBoss Enterprise Application Platform 5.2.0 on Red Hat\nEnterprise Linux 4, 5, and 6 are advised to upgrade to this updated\npackage. The JBoss server process must be restarted for the update to take\neffect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2013:0680", url: "https://access.redhat.com/errata/RHSA-2013:0680", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0680.json", }, ], title: "Red Hat Security Advisory: jakarta-commons-httpclient security update", tracking: { current_release_date: "2024-11-14T12:15:02+00:00", generator: { date: "2024-11-14T12:15:02+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.0", }, }, id: "RHSA-2013:0680", initial_release_date: "2013-03-25T17:04:00+00:00", revision_history: [ { date: "2013-03-25T17:04:00+00:00", number: "1", summary: "Initial version", }, { date: "2013-03-25T17:14:51+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-14T12:15:02+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product: { name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product_id: "4AS-JBEAP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:5::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product: { name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product_id: "4ES-JBEAP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:5::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product: { name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product_id: "5Server-JBEAP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:5::el5", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product: { name: "Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product_id: "6Server-JBEAP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:5::el6", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", product: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", product_id: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2.1_patch_01.ep5.el4?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", product: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", product_id: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2.1_patch_01.ep5.el5?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", product: { name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", product_id: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2_patch_01.ep5.el6?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", product: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", product_id: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2.1_patch_01.ep5.el4?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", product: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", product_id: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2.1_patch_01.ep5.el5?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", product: { name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", product_id: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2_patch_01.ep5.el6?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product_id: "4AS-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", relates_to_product_reference: "4AS-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", product_id: "4AS-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", relates_to_product_reference: "4AS-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product_id: "4ES-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", relates_to_product_reference: "4ES-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", product_id: "4ES-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", relates_to_product_reference: "4ES-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product_id: "5Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", relates_to_product_reference: "5Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", product_id: "5Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", relates_to_product_reference: "5Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product_id: "6Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", }, product_reference: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", relates_to_product_reference: "6Server-JBEAP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", product_id: "6Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", relates_to_product_reference: "6Server-JBEAP-5", }, ], }, vulnerabilities: [ { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", "4AS-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", "4ES-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", "4ES-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", "5Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", "5Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", "6Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", "6Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-03-25T17:04:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", product_ids: [ "4AS-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", "4AS-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", "4ES-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", "4ES-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", "5Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", "5Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", "6Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", "6Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:0680", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "4AS-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", "4AS-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", "4ES-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", "4ES-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", "5Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", "5Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", "6Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", "6Server-JBEAP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, ], }
rhsa-2013_0681
Vulnerability from csaf_redhat
Published
2013-03-25 17:04
Modified
2024-11-14 12:15
Summary
Red Hat Security Advisory: jakarta-commons-httpclient security update
Notes
Topic
An update for JBoss Enterprise Web Platform 5.2.0 which fixes one security
issue is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Details
The Jakarta Commons HttpClient component can be used to build HTTP-aware
client applications (such as web browsers and web service clients).
The Jakarta Commons HttpClient component did not verify that the server
hostname matched the domain name in the subject's Common Name (CN) or
subjectAltName field in X.509 certificates. This could allow a
man-in-the-middle attacker to spoof an SSL server if they had a certificate
that was valid for any domain name. (CVE-2012-5783)
Warning: Before applying this update, back up your existing JBoss
Enterprise Web Platform installation (including all applications and
configuration files).
All users of JBoss Enterprise Web Platform 5.2.0 as provided from the Red
Hat Customer Portal are advised to apply this update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for JBoss Enterprise Web Platform 5.2.0 which fixes one security\nissue is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.", title: "Topic", }, { category: "general", text: "The Jakarta Commons HttpClient component can be used to build HTTP-aware\nclient applications (such as web browsers and web service clients).\n\nThe Jakarta Commons HttpClient component did not verify that the server\nhostname matched the domain name in the subject's Common Name (CN) or\nsubjectAltName field in X.509 certificates. This could allow a\nman-in-the-middle attacker to spoof an SSL server if they had a certificate\nthat was valid for any domain name. (CVE-2012-5783)\n\nWarning: Before applying this update, back up your existing JBoss\nEnterprise Web Platform installation (including all applications and\nconfiguration files).\n\nAll users of JBoss Enterprise Web Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to apply this update.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2013:0681", url: "https://access.redhat.com/errata/RHSA-2013:0681", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=enterpriseweb.platform&downloadType=securityPatches&version=5.2.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=enterpriseweb.platform&downloadType=securityPatches&version=5.2.0", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0681.json", }, ], title: "Red Hat Security Advisory: jakarta-commons-httpclient security update", tracking: { current_release_date: "2024-11-14T12:15:05+00:00", generator: { date: "2024-11-14T12:15:05+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.0", }, }, id: "RHSA-2013:0681", initial_release_date: "2013-03-25T17:04:00+00:00", revision_history: [ { date: "2013-03-25T17:04:00+00:00", number: "1", summary: "Initial version", }, { date: "2013-03-25T17:14:47+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-14T12:15:05+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Platform 5.2", product: { name: "Red Hat JBoss Web Platform 5.2", product_id: "Red Hat JBoss Web Platform 5.2", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_platform:5.2.0", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Platform", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Platform 5.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-03-25T17:04:00+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Web Platform installation (including all\napplications and configuration files).\n\nThe JBoss server process must be restarted for this update to take effect.", product_ids: [ "Red Hat JBoss Web Platform 5.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:0681", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Web Platform 5.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, ], }
rhsa-2013_0682
Vulnerability from csaf_redhat
Published
2013-03-25 17:05
Modified
2024-11-14 12:15
Summary
Red Hat Security Advisory: jakarta-commons-httpclient security update
Notes
Topic
An updated jakarta-commons-httpclient package for JBoss Enterprise Web
Platform 5.2.0 which fixes one security issue is now available for
Red Hat Enterprise Linux 4, 5, and 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Details
The Jakarta Commons HttpClient component can be used to build HTTP-aware
client applications (such as web browsers and web service clients).
The Jakarta Commons HttpClient component did not verify that the server
hostname matched the domain name in the subject's Common Name (CN) or
subjectAltName field in X.509 certificates. This could allow a
man-in-the-middle attacker to spoof an SSL server if they had a certificate
that was valid for any domain name. (CVE-2012-5783)
Warning: Before applying this update, back up your existing JBoss
Enterprise Web Platform installation (including all applications and
configuration files).
All users of JBoss Enterprise Web Platform 5.2.0 on Red Hat Enterprise
Linux 4, 5, and 6 are advised to upgrade to this updated package. The JBoss
server process must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An updated jakarta-commons-httpclient package for JBoss Enterprise Web\nPlatform 5.2.0 which fixes one security issue is now available for\nRed Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.", title: "Topic", }, { category: "general", text: "The Jakarta Commons HttpClient component can be used to build HTTP-aware\nclient applications (such as web browsers and web service clients).\n\nThe Jakarta Commons HttpClient component did not verify that the server\nhostname matched the domain name in the subject's Common Name (CN) or\nsubjectAltName field in X.509 certificates. This could allow a\nman-in-the-middle attacker to spoof an SSL server if they had a certificate\nthat was valid for any domain name. (CVE-2012-5783)\n\nWarning: Before applying this update, back up your existing JBoss\nEnterprise Web Platform installation (including all applications and\nconfiguration files).\n\nAll users of JBoss Enterprise Web Platform 5.2.0 on Red Hat Enterprise\nLinux 4, 5, and 6 are advised to upgrade to this updated package. The JBoss\nserver process must be restarted for the update to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2013:0682", url: "https://access.redhat.com/errata/RHSA-2013:0682", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0682.json", }, ], title: "Red Hat Security Advisory: jakarta-commons-httpclient security update", tracking: { current_release_date: "2024-11-14T12:15:10+00:00", generator: { date: "2024-11-14T12:15:10+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.0", }, }, id: "RHSA-2013:0682", initial_release_date: "2013-03-25T17:05:00+00:00", revision_history: [ { date: "2013-03-25T17:05:00+00:00", number: "1", summary: "Initial version", }, { date: "2013-03-25T17:14:40+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-14T12:15:10+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Platform 5 for RHEL 4 AS", product: { name: "Red Hat JBoss Web Platform 5 for RHEL 4 AS", product_id: "4AS-JBEWP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_platform:5::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Web Platform 5 for RHEL 4 ES", product: { name: "Red Hat JBoss Web Platform 5 for RHEL 4 ES", product_id: "4ES-JBEWP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_platform:5::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Web Platform 5 for RHEL 5 Server", product: { name: "Red Hat JBoss Web Platform 5 for RHEL 5 Server", product_id: "5Server-JBEWP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_platform:5::el5", }, }, }, { category: "product_name", name: "Red Hat JBoss Web Platform 5 for RHEL 6 Server", product: { name: "Red Hat JBoss Web Platform 5 for RHEL 6 Server", product_id: "6Server-JBEWP-5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_platform:5::el6", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Platform", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", product: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", product_id: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2.1_patch_01.ep5.el4?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", product: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", product_id: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2.1_patch_01.ep5.el5?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", product: { name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", product_id: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2_patch_01.ep5.el6?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", product: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", product_id: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2.1_patch_01.ep5.el4?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", product: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", product_id: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2.1_patch_01.ep5.el5?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", product: { name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", product_id: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-2_patch_01.ep5.el6?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 4 AS", product_id: "4AS-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", relates_to_product_reference: "4AS-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src as a component of Red Hat JBoss Web Platform 5 for RHEL 4 AS", product_id: "4AS-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", relates_to_product_reference: "4AS-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 4 ES", product_id: "4ES-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", relates_to_product_reference: "4ES-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src as a component of Red Hat JBoss Web Platform 5 for RHEL 4 ES", product_id: "4ES-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", relates_to_product_reference: "4ES-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 5 Server", product_id: "5Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", relates_to_product_reference: "5Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src as a component of Red Hat JBoss Web Platform 5 for RHEL 5 Server", product_id: "5Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", relates_to_product_reference: "5Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 6 Server", product_id: "6Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", }, product_reference: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", relates_to_product_reference: "6Server-JBEWP-5", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src as a component of Red Hat JBoss Web Platform 5 for RHEL 6 Server", product_id: "6Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", }, product_reference: "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", relates_to_product_reference: "6Server-JBEWP-5", }, ], }, vulnerabilities: [ { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "4AS-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", "4AS-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", "4ES-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", "4ES-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", "5Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", "6Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", "6Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", ], known_not_affected: [ "4AS-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", "4AS-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", "4ES-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.noarch", "4ES-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2013-03-25T17:05:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", product_ids: [ "5Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", "5Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", "6Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", "6Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2013:0682", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "5Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.noarch", "5Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5.src", "6Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.noarch", "6Server-JBEWP-5:jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, ], }
RHSA-2017:0868
Vulnerability from csaf_redhat
Published
2017-04-03 21:02
Modified
2024-11-22 10:51
Summary
Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R2 security and bug fix update
Notes
Topic
An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications.
This patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. It includes bug fixes and enhancements, which are documented in the readme.txt file included with the patch files.
Security Fix(es):
* It was reported that Elasticsearch had vulnerabilities in the Groovy scripting engine, which allow an attacker to construct scripts that escape the sandbox and execute shell commands as the user running the Elasticsearch Java VM. (CVE-2015-1427)
* It was found that a flaw in Apache groovy library allows remote code execution wherever deserialization occurs in the application. It is possible for an attacker to craft a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects are subject to this vulnerability. (CVE-2016-6814)
* It was found that Apache Commons HttpClient does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. (CVE-2012-5783)
* It was found that swagger-ui contains a cross site scripting (XSS) vulnerability in the key names in the JSON document. An attacker could use this flaw to supply a key name with script tags which could cause arbitrary code execution. Additionally it is possible to load the arbitrary JSON files remotely via the URL query-string parameter. (CVE-2016-1000229)
* A vulnerability was found in FormattedServiceListWriter in Apache CXF HTTP transport module that could allow an attacker to inject unexpected matrix parameters into the request URL. On a successful injection these matrix parameters will find their way back to the client in the services list page which represents an XSS risk to the client. (CVE-2016-6812)
* Apache CXF JAX-RS implementation provides a number of Atom MessageBodyReaders. These readers use Apache Abdera Parser to parse Atom feeds or Entries, with this Parser expanding XML entities by default. It was found that this represents a major XXE risk. (CVE-2016-8739)
* A path traversal issue was found in Spark version 2.5 and potentially earlier versions. The vulnerability resides in the functionality to serve static files where there's no protection against directory traversal attacks. This could allow attackers access to private files including sensitive data. (CVE-2016-9177)
* It was found that the camel-snakeyaml component is exploitable for code execution. An attacker could use this vulnerability to send specially crafted payload to a camel-snakeyaml endpoint and causing a remote code execution attack. (CVE-2017-3159)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications.\n\nThis patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. It includes bug fixes and enhancements, which are documented in the readme.txt file included with the patch files.\n\nSecurity Fix(es):\n\n* It was reported that Elasticsearch had vulnerabilities in the Groovy scripting engine, which allow an attacker to construct scripts that escape the sandbox and execute shell commands as the user running the Elasticsearch Java VM. (CVE-2015-1427)\n\n* It was found that a flaw in Apache groovy library allows remote code execution wherever deserialization occurs in the application. It is possible for an attacker to craft a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects are subject to this vulnerability. (CVE-2016-6814)\n\n* It was found that Apache Commons HttpClient does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. (CVE-2012-5783)\n\n* It was found that swagger-ui contains a cross site scripting (XSS) vulnerability in the key names in the JSON document. An attacker could use this flaw to supply a key name with script tags which could cause arbitrary code execution. Additionally it is possible to load the arbitrary JSON files remotely via the URL query-string parameter. (CVE-2016-1000229)\n\n* A vulnerability was found in FormattedServiceListWriter in Apache CXF HTTP transport module that could allow an attacker to inject unexpected matrix parameters into the request URL. On a successful injection these matrix parameters will find their way back to the client in the services list page which represents an XSS risk to the client. (CVE-2016-6812)\n\n* Apache CXF JAX-RS implementation provides a number of Atom MessageBodyReaders. These readers use Apache Abdera Parser to parse Atom feeds or Entries, with this Parser expanding XML entities by default. It was found that this represents a major XXE risk. (CVE-2016-8739)\n\n* A path traversal issue was found in Spark version 2.5 and potentially earlier versions. The vulnerability resides in the functionality to serve static files where there's no protection against directory traversal attacks. This could allow attackers access to private files including sensitive data. (CVE-2016-9177)\n\n* It was found that the camel-snakeyaml component is exploitable for code execution. An attacker could use this vulnerability to send specially crafted payload to a camel-snakeyaml endpoint and causing a remote code execution attack. (CVE-2017-3159)", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2017:0868", url: "https://access.redhat.com/errata/RHSA-2017:0868", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=jboss.fuse&version=6.3", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=jboss.fuse&version=6.3", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=jboss.amq.broker&version=6.3.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=jboss.amq.broker&version=6.3.0", }, { category: "external", summary: "https://access.redhat.com/documentation/en/red-hat-jboss-fuse/", url: "https://access.redhat.com/documentation/en/red-hat-jboss-fuse/", }, { category: "external", summary: "873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "1191969", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1191969", }, { category: "external", summary: "1360275", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1360275", }, { category: "external", summary: "1393607", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1393607", }, { category: "external", summary: "1406810", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1406810", }, { category: "external", summary: "1406811", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1406811", }, { category: "external", summary: "1413466", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1413466", }, { category: "external", summary: "1420834", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1420834", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_0868.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R2 security and bug fix update", tracking: { current_release_date: "2024-11-22T10:51:39+00:00", generator: { date: "2024-11-22T10:51:39+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2017:0868", initial_release_date: "2017-04-03T21:02:28+00:00", revision_history: [ { date: "2017-04-03T21:02:28+00:00", number: "1", summary: "Initial version", }, { date: "2018-07-02T15:51:20+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T10:51:39+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss A-MQ 6.3", product: { name: "Red Hat JBoss A-MQ 6.3", product_id: "Red Hat JBoss A-MQ 6.3", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_amq:6.3", }, }, }, { category: "product_name", name: "Red Hat JBoss Fuse 6.3", product: { name: "Red Hat JBoss Fuse 6.3", product_id: "Red Hat JBoss Fuse 6.3", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_fuse:6.3", }, }, }, ], category: "product_family", name: "Red Hat JBoss Fuse", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2012-5783", discovery_date: "2012-11-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "873317", }, ], notes: [ { category: "description", text: "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "RHBZ#873317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=873317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2012-5783", url: "https://www.cve.org/CVERecord?id=CVE-2012-5783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, ], release_date: "2012-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-03T21:02:28+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0868", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", }, { cve: "CVE-2015-1427", discovery_date: "2015-02-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1191969", }, ], notes: [ { category: "description", text: "It was reported that Elasticsearch versions 1.3.0-1.3.7 and 1.4.0-1.4.2 have vulnerabilities in the Groovy scripting engine. The vulnerability allows an attacker to construct Groovy scripts that escape the sandbox and execute shell commands as the user running the Elasticsearch Java VM.", title: "Vulnerability description", }, { category: "summary", text: "elasticsearch: remote code execution via Groovy sandbox bypass", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-1427", }, { category: "external", summary: "RHBZ#1191969", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1191969", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-1427", url: "https://www.cve.org/CVERecord?id=CVE-2015-1427", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-1427", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-1427", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2015-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-03T21:02:28+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0868", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "exploit_status", date: "2022-03-25T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "elasticsearch: remote code execution via Groovy sandbox bypass", }, { cve: "CVE-2015-7559", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, discovery_date: "2015-07-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1293972", }, ], notes: [ { category: "description", text: "It was found that the Apache ActiveMQ client exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.", title: "Vulnerability description", }, { category: "summary", text: "ActiveMQ: DoS in client via shutdown command", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7559", }, { category: "external", summary: "RHBZ#1293972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1293972", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7559", url: "https://www.cve.org/CVERecord?id=CVE-2015-7559", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7559", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7559", }, ], release_date: "2017-04-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-03T21:02:28+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0868", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 2.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "ActiveMQ: DoS in client via shutdown command", }, { cve: "CVE-2016-6812", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2016-12-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1406810", }, ], notes: [ { category: "description", text: "A vulnerability was found in FormattedServiceListWriter in Apache CXF HTTP transport module that could allow an attacker to inject unexpected matrix parameters into the request URL. On a successful injection these matrix parameters will find their way back to the client in the services list page which represents an XSS risk to the client.", title: "Vulnerability description", }, { category: "summary", text: "apache-cxf: XSS in Apache CXF FormattedServiceListWriter", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-6812", }, { category: "external", summary: "RHBZ#1406810", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1406810", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-6812", url: "https://www.cve.org/CVERecord?id=CVE-2016-6812", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-6812", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-6812", }, { category: "external", summary: "http://cxf.apache.org/security-advisories.data/CVE-2016-6812.txt.asc?version=1&modificationDate=1482164360602&api=v2", url: "http://cxf.apache.org/security-advisories.data/CVE-2016-6812.txt.asc?version=1&modificationDate=1482164360602&api=v2", }, ], release_date: "2016-12-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-03T21:02:28+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0868", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-cxf: XSS in Apache CXF FormattedServiceListWriter", }, { cve: "CVE-2016-6814", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2017-01-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1413466", }, ], notes: [ { category: "description", text: "It was found that a flaw in Apache groovy library allows remote code execution wherever deserialization occurs in the application. It is possible for an attacker to craft a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects are subject to this vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "Groovy: Remote code execution via deserialization", title: "Vulnerability summary", }, { category: "other", text: "This issue affects the versions of groovy as shipped with Red Hat Satellite 6.0 and 6.1. Red Hat Satellite 6.2 and later do not ship groovy, as such they are not affected by this vulnerability.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-6814", }, { category: "external", summary: "RHBZ#1413466", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1413466", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-6814", url: "https://www.cve.org/CVERecord?id=CVE-2016-6814", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-6814", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-6814", }, ], release_date: "2017-01-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-03T21:02:28+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0868", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Groovy: Remote code execution via deserialization", }, { cve: "CVE-2016-8739", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, discovery_date: "2016-12-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1406811", }, ], notes: [ { category: "description", text: "Apache CXF JAX-RS implementation provides a number of Atom MessageBodyReaders. These readers use Apache Abdera Parser to parse Atom feeds or Entries, with this Parser expanding XML entities by default. It was found that this represents a major XXE risk.", title: "Vulnerability description", }, { category: "summary", text: "apache-cxf: Atom entity provider of Apache CXF JAX-RS is vulnerable to XXE", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-8739", }, { category: "external", summary: "RHBZ#1406811", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1406811", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-8739", url: "https://www.cve.org/CVERecord?id=CVE-2016-8739", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-8739", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-8739", }, { category: "external", summary: "http://cxf.apache.org/security-advisories.data/CVE-2016-8739.txt.asc?version=1&modificationDate=1482164360575&api=v2", url: "http://cxf.apache.org/security-advisories.data/CVE-2016-8739.txt.asc?version=1&modificationDate=1482164360575&api=v2", }, ], release_date: "2016-12-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-03T21:02:28+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0868", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-cxf: Atom entity provider of Apache CXF JAX-RS is vulnerable to XXE", }, { cve: "CVE-2016-9177", discovery_date: "2016-11-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1393607", }, ], notes: [ { category: "description", text: "A path traversal issue was found in Spark version 2.5 and potentially earlier versions. The vulnerability resides in the functionality to serve static files where there's no protection against directory traversal attacks. This could allow attackers access to private files including sensitive data.", title: "Vulnerability description", }, { category: "summary", text: "Spark: Directory traversal vulnerability in version 2.5", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-9177", }, { category: "external", summary: "RHBZ#1393607", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1393607", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-9177", url: "https://www.cve.org/CVERecord?id=CVE-2016-9177", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-9177", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-9177", }, { category: "external", summary: "http://seclists.org/fulldisclosure/2016/Nov/13", url: "http://seclists.org/fulldisclosure/2016/Nov/13", }, ], release_date: "2016-11-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-03T21:02:28+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0868", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Spark: Directory traversal vulnerability in version 2.5", }, { cve: "CVE-2016-1000229", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2016-07-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1360275", }, ], notes: [ { category: "description", text: "It was found that swagger-ui contains a cross site scripting (XSS) vulnerability in the key names in the JSON document. An attacker could use this flaw to supply a key name with script tags which could cause arbitrary code execution. Additionally it is possible to load the arbitrary JSON files remotely via the URL query-string parameter.", title: "Vulnerability description", }, { category: "summary", text: "swagger-ui: cross-site scripting in key names", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-1000229", }, { category: "external", summary: "RHBZ#1360275", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1360275", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-1000229", url: "https://www.cve.org/CVERecord?id=CVE-2016-1000229", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-1000229", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-1000229", }, { category: "external", summary: "https://nodesecurity.io/advisories/126", url: "https://nodesecurity.io/advisories/126", }, ], release_date: "2016-07-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-03T21:02:28+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0868", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "swagger-ui: cross-site scripting in key names", }, { cve: "CVE-2017-3159", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2017-02-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1420834", }, ], notes: [ { category: "description", text: "It was found that the camel-snakeyaml component is exploitable for code execution. An attacker could use this vulnerability to send specially crafted payload to a camel-snakeyaml endpoint and causing a remote code execution attack.", title: "Vulnerability description", }, { category: "summary", text: "camel-snakeyaml: Unmarshalling operation is vulnerable to RCE", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3159", }, { category: "external", summary: "RHBZ#1420834", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1420834", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3159", url: "https://www.cve.org/CVERecord?id=CVE-2017-3159", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3159", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3159", }, { category: "external", summary: "http://camel.apache.org/security-advisories.data/CVE-2017-3159.txt.asc", url: "http://camel.apache.org/security-advisories.data/CVE-2017-3159.txt.asc", }, ], release_date: "2016-12-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-04-03T21:02:28+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:0868", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "camel-snakeyaml: Unmarshalling operation is vulnerable to RCE", }, ], }
opensuse-su-2024:10381-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
apache-commons-httpclient-3.1-8.5 on GA media
Notes
Title of the patch
apache-commons-httpclient-3.1-8.5 on GA media
Description of the patch
These are all security issues fixed in the apache-commons-httpclient-3.1-8.5 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10381
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "apache-commons-httpclient-3.1-8.5 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the apache-commons-httpclient-3.1-8.5 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-10381", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10381-1.json", }, { category: "self", summary: "SUSE CVE CVE-2012-5783 page", url: "https://www.suse.com/security/cve/CVE-2012-5783/", }, ], title: "apache-commons-httpclient-3.1-8.5 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:10381-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "apache-commons-httpclient-3.1-8.5.aarch64", product: { name: "apache-commons-httpclient-3.1-8.5.aarch64", product_id: "apache-commons-httpclient-3.1-8.5.aarch64", }, }, { category: "product_version", name: "apache-commons-httpclient-demo-3.1-8.5.aarch64", product: { name: "apache-commons-httpclient-demo-3.1-8.5.aarch64", product_id: "apache-commons-httpclient-demo-3.1-8.5.aarch64", }, }, { category: "product_version", name: "apache-commons-httpclient-javadoc-3.1-8.5.aarch64", product: { name: "apache-commons-httpclient-javadoc-3.1-8.5.aarch64", product_id: "apache-commons-httpclient-javadoc-3.1-8.5.aarch64", }, }, { category: "product_version", name: "apache-commons-httpclient-manual-3.1-8.5.aarch64", product: { name: "apache-commons-httpclient-manual-3.1-8.5.aarch64", product_id: "apache-commons-httpclient-manual-3.1-8.5.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "apache-commons-httpclient-3.1-8.5.ppc64le", product: { name: "apache-commons-httpclient-3.1-8.5.ppc64le", product_id: "apache-commons-httpclient-3.1-8.5.ppc64le", }, }, { category: "product_version", name: "apache-commons-httpclient-demo-3.1-8.5.ppc64le", product: { name: "apache-commons-httpclient-demo-3.1-8.5.ppc64le", product_id: "apache-commons-httpclient-demo-3.1-8.5.ppc64le", }, }, { category: "product_version", name: "apache-commons-httpclient-javadoc-3.1-8.5.ppc64le", product: { name: "apache-commons-httpclient-javadoc-3.1-8.5.ppc64le", product_id: "apache-commons-httpclient-javadoc-3.1-8.5.ppc64le", }, }, { category: "product_version", name: "apache-commons-httpclient-manual-3.1-8.5.ppc64le", product: { name: "apache-commons-httpclient-manual-3.1-8.5.ppc64le", product_id: "apache-commons-httpclient-manual-3.1-8.5.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "apache-commons-httpclient-3.1-8.5.s390x", product: { name: "apache-commons-httpclient-3.1-8.5.s390x", product_id: "apache-commons-httpclient-3.1-8.5.s390x", }, }, { category: "product_version", name: "apache-commons-httpclient-demo-3.1-8.5.s390x", product: { name: "apache-commons-httpclient-demo-3.1-8.5.s390x", product_id: "apache-commons-httpclient-demo-3.1-8.5.s390x", }, }, { category: "product_version", name: "apache-commons-httpclient-javadoc-3.1-8.5.s390x", product: { name: "apache-commons-httpclient-javadoc-3.1-8.5.s390x", product_id: "apache-commons-httpclient-javadoc-3.1-8.5.s390x", }, }, { category: "product_version", name: "apache-commons-httpclient-manual-3.1-8.5.s390x", product: { name: "apache-commons-httpclient-manual-3.1-8.5.s390x", product_id: "apache-commons-httpclient-manual-3.1-8.5.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "apache-commons-httpclient-3.1-8.5.x86_64", product: { name: "apache-commons-httpclient-3.1-8.5.x86_64", product_id: "apache-commons-httpclient-3.1-8.5.x86_64", }, }, { category: "product_version", name: "apache-commons-httpclient-demo-3.1-8.5.x86_64", product: { name: "apache-commons-httpclient-demo-3.1-8.5.x86_64", product_id: "apache-commons-httpclient-demo-3.1-8.5.x86_64", }, }, { category: "product_version", name: "apache-commons-httpclient-javadoc-3.1-8.5.x86_64", product: { name: "apache-commons-httpclient-javadoc-3.1-8.5.x86_64", product_id: "apache-commons-httpclient-javadoc-3.1-8.5.x86_64", }, }, { category: "product_version", name: "apache-commons-httpclient-manual-3.1-8.5.x86_64", product: { name: "apache-commons-httpclient-manual-3.1-8.5.x86_64", product_id: "apache-commons-httpclient-manual-3.1-8.5.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "apache-commons-httpclient-3.1-8.5.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache-commons-httpclient-3.1-8.5.aarch64", }, product_reference: "apache-commons-httpclient-3.1-8.5.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache-commons-httpclient-3.1-8.5.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache-commons-httpclient-3.1-8.5.ppc64le", }, product_reference: "apache-commons-httpclient-3.1-8.5.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache-commons-httpclient-3.1-8.5.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache-commons-httpclient-3.1-8.5.s390x", }, product_reference: "apache-commons-httpclient-3.1-8.5.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache-commons-httpclient-3.1-8.5.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache-commons-httpclient-3.1-8.5.x86_64", }, product_reference: "apache-commons-httpclient-3.1-8.5.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache-commons-httpclient-demo-3.1-8.5.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache-commons-httpclient-demo-3.1-8.5.aarch64", }, product_reference: "apache-commons-httpclient-demo-3.1-8.5.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache-commons-httpclient-demo-3.1-8.5.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache-commons-httpclient-demo-3.1-8.5.ppc64le", }, product_reference: "apache-commons-httpclient-demo-3.1-8.5.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache-commons-httpclient-demo-3.1-8.5.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache-commons-httpclient-demo-3.1-8.5.s390x", }, product_reference: "apache-commons-httpclient-demo-3.1-8.5.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache-commons-httpclient-demo-3.1-8.5.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache-commons-httpclient-demo-3.1-8.5.x86_64", }, product_reference: "apache-commons-httpclient-demo-3.1-8.5.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache-commons-httpclient-javadoc-3.1-8.5.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache-commons-httpclient-javadoc-3.1-8.5.aarch64", }, product_reference: "apache-commons-httpclient-javadoc-3.1-8.5.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache-commons-httpclient-javadoc-3.1-8.5.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache-commons-httpclient-javadoc-3.1-8.5.ppc64le", }, product_reference: "apache-commons-httpclient-javadoc-3.1-8.5.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache-commons-httpclient-javadoc-3.1-8.5.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache-commons-httpclient-javadoc-3.1-8.5.s390x", }, product_reference: "apache-commons-httpclient-javadoc-3.1-8.5.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache-commons-httpclient-javadoc-3.1-8.5.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache-commons-httpclient-javadoc-3.1-8.5.x86_64", }, product_reference: "apache-commons-httpclient-javadoc-3.1-8.5.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache-commons-httpclient-manual-3.1-8.5.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache-commons-httpclient-manual-3.1-8.5.aarch64", }, product_reference: "apache-commons-httpclient-manual-3.1-8.5.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache-commons-httpclient-manual-3.1-8.5.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache-commons-httpclient-manual-3.1-8.5.ppc64le", }, product_reference: "apache-commons-httpclient-manual-3.1-8.5.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache-commons-httpclient-manual-3.1-8.5.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache-commons-httpclient-manual-3.1-8.5.s390x", }, product_reference: "apache-commons-httpclient-manual-3.1-8.5.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache-commons-httpclient-manual-3.1-8.5.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache-commons-httpclient-manual-3.1-8.5.x86_64", }, product_reference: "apache-commons-httpclient-manual-3.1-8.5.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2012-5783", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2012-5783", }, ], notes: [ { category: "general", text: "Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache-commons-httpclient-3.1-8.5.aarch64", "openSUSE Tumbleweed:apache-commons-httpclient-3.1-8.5.ppc64le", "openSUSE Tumbleweed:apache-commons-httpclient-3.1-8.5.s390x", "openSUSE Tumbleweed:apache-commons-httpclient-3.1-8.5.x86_64", "openSUSE Tumbleweed:apache-commons-httpclient-demo-3.1-8.5.aarch64", "openSUSE Tumbleweed:apache-commons-httpclient-demo-3.1-8.5.ppc64le", "openSUSE Tumbleweed:apache-commons-httpclient-demo-3.1-8.5.s390x", "openSUSE Tumbleweed:apache-commons-httpclient-demo-3.1-8.5.x86_64", "openSUSE Tumbleweed:apache-commons-httpclient-javadoc-3.1-8.5.aarch64", "openSUSE Tumbleweed:apache-commons-httpclient-javadoc-3.1-8.5.ppc64le", "openSUSE Tumbleweed:apache-commons-httpclient-javadoc-3.1-8.5.s390x", "openSUSE Tumbleweed:apache-commons-httpclient-javadoc-3.1-8.5.x86_64", "openSUSE Tumbleweed:apache-commons-httpclient-manual-3.1-8.5.aarch64", "openSUSE Tumbleweed:apache-commons-httpclient-manual-3.1-8.5.ppc64le", "openSUSE Tumbleweed:apache-commons-httpclient-manual-3.1-8.5.s390x", "openSUSE Tumbleweed:apache-commons-httpclient-manual-3.1-8.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2012-5783", url: "https://www.suse.com/security/cve/CVE-2012-5783", }, { category: "external", summary: "SUSE Bug 1132354 for CVE-2012-5783", url: "https://bugzilla.suse.com/1132354", }, { category: "external", summary: "SUSE Bug 803332 for CVE-2012-5783", url: "https://bugzilla.suse.com/803332", }, { category: "external", summary: "SUSE Bug 803333 for CVE-2012-5783", url: "https://bugzilla.suse.com/803333", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache-commons-httpclient-3.1-8.5.aarch64", "openSUSE Tumbleweed:apache-commons-httpclient-3.1-8.5.ppc64le", "openSUSE Tumbleweed:apache-commons-httpclient-3.1-8.5.s390x", "openSUSE Tumbleweed:apache-commons-httpclient-3.1-8.5.x86_64", "openSUSE Tumbleweed:apache-commons-httpclient-demo-3.1-8.5.aarch64", "openSUSE Tumbleweed:apache-commons-httpclient-demo-3.1-8.5.ppc64le", "openSUSE Tumbleweed:apache-commons-httpclient-demo-3.1-8.5.s390x", "openSUSE Tumbleweed:apache-commons-httpclient-demo-3.1-8.5.x86_64", "openSUSE Tumbleweed:apache-commons-httpclient-javadoc-3.1-8.5.aarch64", "openSUSE Tumbleweed:apache-commons-httpclient-javadoc-3.1-8.5.ppc64le", "openSUSE Tumbleweed:apache-commons-httpclient-javadoc-3.1-8.5.s390x", "openSUSE Tumbleweed:apache-commons-httpclient-javadoc-3.1-8.5.x86_64", "openSUSE Tumbleweed:apache-commons-httpclient-manual-3.1-8.5.aarch64", "openSUSE Tumbleweed:apache-commons-httpclient-manual-3.1-8.5.ppc64le", "openSUSE Tumbleweed:apache-commons-httpclient-manual-3.1-8.5.s390x", "openSUSE Tumbleweed:apache-commons-httpclient-manual-3.1-8.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:apache-commons-httpclient-3.1-8.5.aarch64", "openSUSE Tumbleweed:apache-commons-httpclient-3.1-8.5.ppc64le", "openSUSE Tumbleweed:apache-commons-httpclient-3.1-8.5.s390x", "openSUSE Tumbleweed:apache-commons-httpclient-3.1-8.5.x86_64", "openSUSE Tumbleweed:apache-commons-httpclient-demo-3.1-8.5.aarch64", "openSUSE Tumbleweed:apache-commons-httpclient-demo-3.1-8.5.ppc64le", "openSUSE Tumbleweed:apache-commons-httpclient-demo-3.1-8.5.s390x", "openSUSE Tumbleweed:apache-commons-httpclient-demo-3.1-8.5.x86_64", "openSUSE Tumbleweed:apache-commons-httpclient-javadoc-3.1-8.5.aarch64", "openSUSE Tumbleweed:apache-commons-httpclient-javadoc-3.1-8.5.ppc64le", "openSUSE Tumbleweed:apache-commons-httpclient-javadoc-3.1-8.5.s390x", "openSUSE Tumbleweed:apache-commons-httpclient-javadoc-3.1-8.5.x86_64", "openSUSE Tumbleweed:apache-commons-httpclient-manual-3.1-8.5.aarch64", "openSUSE Tumbleweed:apache-commons-httpclient-manual-3.1-8.5.ppc64le", "openSUSE Tumbleweed:apache-commons-httpclient-manual-3.1-8.5.s390x", "openSUSE Tumbleweed:apache-commons-httpclient-manual-3.1-8.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2012-5783", }, ], }
ghsa-3832-9276-x7gf
Vulnerability from github
Published
2022-05-13 01:10
Modified
2024-11-05 22:28
Summary
Improper Certificate Validation in Apache Commons HttpClient
Details
Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Note that the Commons HttpClient project is end of life. It has been replaced by the Apache HttpComponents project in its HttpClient and HttpCore modules. CVE-2012-5783 has been patched in v4.0 of the Apache HttpComponents HttpClient module.
{ affected: [ { database_specific: { last_known_affected_version_range: "< 4.0", }, package: { ecosystem: "Maven", name: "commons-httpclient:commons-httpclient", }, ranges: [ { events: [ { introduced: "3.0", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2012-5783", ], database_specific: { cwe_ids: [ "CWE-295", ], github_reviewed: true, github_reviewed_at: "2022-07-13T13:58:59Z", nvd_published_at: "2012-11-04T22:55:00Z", severity: "MODERATE", }, details: "Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.\n\nNote that the Commons HttpClient project is [end of life](https://hc.apache.org/httpclient-legacy/). It has been replaced by the Apache HttpComponents project in its [HttpClient](https://hc.apache.org/httpcomponents-client-5.4.x/) and [HttpCore](https://hc.apache.org/httpcomponents-core-5.3.x/) modules. CVE-2012-5783 has been patched in [v4.0](https://repo1.maven.org/maven2/org/apache/httpcomponents/httpclient/4.0/) of the Apache HttpComponents HttpClient module.", id: "GHSA-3832-9276-x7gf", modified: "2024-11-05T22:28:04Z", published: "2022-05-13T01:10:34Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2017:0868", }, { type: "WEB", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/79984", }, { type: "PACKAGE", url: "https://github.com/apache/httpcomponents-client", }, { type: "WEB", url: "https://issues.apache.org/jira/browse/HTTPCLIENT-1265", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-updates/2013-02/msg00078.html", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00040.html", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00041.html", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00053.html", }, { type: "WEB", url: "http://rhn.redhat.com/errata/RHSA-2013-0270.html", }, { type: "WEB", url: "http://rhn.redhat.com/errata/RHSA-2013-0679.html", }, { type: "WEB", url: "http://rhn.redhat.com/errata/RHSA-2013-0680.html", }, { type: "WEB", url: "http://rhn.redhat.com/errata/RHSA-2013-0682.html", }, { type: "WEB", url: "http://rhn.redhat.com/errata/RHSA-2013-1853.html", }, { type: "WEB", url: "http://rhn.redhat.com/errata/RHSA-2014-0224.html", }, { type: "WEB", url: "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", }, { type: "WEB", url: "http://www.ubuntu.com/usn/USN-2769-1", }, ], schema_version: "1.4.0", severity: [], summary: "Improper Certificate Validation in Apache Commons HttpClient", }
WID-SEC-W-2023-1594
Vulnerability from csaf_certbund
Published
2023-06-28 22:00
Modified
2023-06-28 22:00
Summary
IBM Tivoli Network Manager: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM Tivoli Network Manager ist eine Netzanalysesoftware für das Management komplexer Netze. Diese Software erfasst und verteilt Layer-2- und Layer-3-Netzdaten.
Angriff
Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in IBM Tivoli Network Manager ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "IBM Tivoli Network Manager ist eine Netzanalysesoftware für das Management komplexer Netze. Diese Software erfasst und verteilt Layer-2- und Layer-3-Netzdaten.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in IBM Tivoli Network Manager ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows\n- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1594 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1594.json", }, { category: "self", summary: "WID-SEC-2023-1594 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1594", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/885316", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/884276", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/883428", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/883424", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/882926", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/882898", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/882888", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/880403", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/880401", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/880395", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/879855", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/879841", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/870546", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/870526", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/870508", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/870504", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/870500", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/870498", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/743933", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/739297", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/739271", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/739249", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/739247", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/739245", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/739243", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/738231", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/731931", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/730883", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/730871", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/730845", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/730835", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/730171", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/720307", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/720283", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/720265", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/718745", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/717345", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/717335", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/717327", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/717007", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/716573", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/712213", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/712199", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/570557", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/569765", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/569727", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/569717", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/305321", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/304091", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/304089", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/303663", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/303657", }, ], source_lang: "en-US", title: "IBM Tivoli Network Manager: Mehrere Schwachstellen", tracking: { current_release_date: "2023-06-28T22:00:00.000+00:00", generator: { date: "2024-08-15T17:53:31.776+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1594", initial_release_date: "2023-06-28T22:00:00.000+00:00", revision_history: [ { date: "2023-06-28T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "IBM Tivoli Network Manager IP Edition < 3.9 Fix Pack 5", product: { name: "IBM Tivoli Network Manager IP Edition < 3.9 Fix Pack 5", product_id: "T028343", product_identification_helper: { cpe: "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9_fix_pack_5", }, }, }, { category: "product_name", name: "IBM Tivoli Network Manager IP Edition < 3.9", product: { name: "IBM Tivoli Network Manager IP Edition < 3.9", product_id: "T028344", product_identification_helper: { cpe: "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9", }, }, }, { category: "product_name", name: "IBM Tivoli Network Manager IP Edition < 4.1.1", product: { name: "IBM Tivoli Network Manager IP Edition < 4.1.1", product_id: "T028345", product_identification_helper: { cpe: "cpe:/a:ibm:tivoli_network_manager:ip_edition__4.1.1", }, }, }, { category: "product_name", name: "IBM Tivoli Network Manager IP Edition < 4.2", product: { name: "IBM Tivoli Network Manager IP Edition < 4.2", product_id: "T028346", product_identification_helper: { cpe: "cpe:/a:ibm:tivoli_network_manager:ip_edition__4.2", }, }, }, { category: "product_name", name: "IBM Tivoli Network Manager IP Edition < 3.9.0.4", product: { name: "IBM Tivoli Network Manager IP Edition < 3.9.0.4", product_id: "T028347", product_identification_helper: { cpe: "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9.0.4", }, }, }, { category: "product_name", name: "IBM Tivoli Network Manager IP Edition < 3.9.0.5", product: { name: "IBM Tivoli Network Manager IP Edition < 3.9.0.5", product_id: "T028348", product_identification_helper: { cpe: "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9.0.5", }, }, }, { category: "product_name", name: "IBM Tivoli Network Manager IP Edition < 3.9 Fix Pack 4", product: { name: "IBM Tivoli Network Manager IP Edition < 3.9 Fix Pack 4", product_id: "T028349", product_identification_helper: { cpe: "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9_fix_pack_4", }, }, }, ], category: "product_name", name: "Tivoli Network Manager", }, ], category: "vendor", name: "IBM", }, ], }, vulnerabilities: [ { cve: "CVE-2019-4046", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2019-4046", }, { cve: "CVE-2019-4030", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2019-4030", }, { cve: "CVE-2019-2684", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2019-2684", }, { cve: "CVE-2019-2602", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2019-2602", }, { cve: "CVE-2019-2537", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2019-2537", }, { cve: "CVE-2019-2534", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2019-2534", }, { cve: "CVE-2019-2531", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2019-2531", }, { cve: "CVE-2019-2529", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2019-2529", }, { cve: "CVE-2019-2503", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2019-2503", }, { cve: "CVE-2019-2482", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2019-2482", }, { cve: "CVE-2019-2481", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2019-2481", }, { cve: "CVE-2019-2455", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2019-2455", }, { cve: "CVE-2019-1559", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2019-1559", }, { cve: "CVE-2019-0220", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2019-0220", }, { cve: "CVE-2018-8039", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-8039", }, { cve: "CVE-2018-5407", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-5407", }, { cve: "CVE-2018-3282", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3282", }, { cve: "CVE-2018-3278", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3278", }, { cve: "CVE-2018-3276", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3276", }, { cve: "CVE-2018-3251", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3251", }, { cve: "CVE-2018-3247", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3247", }, { cve: "CVE-2018-3174", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3174", }, { cve: "CVE-2018-3156", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3156", }, { cve: "CVE-2018-3143", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3143", }, { cve: "CVE-2018-3123", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3123", }, { cve: "CVE-2018-3084", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3084", }, { cve: "CVE-2018-3082", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3082", }, { cve: "CVE-2018-3081", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3081", }, { cve: "CVE-2018-3080", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3080", }, { cve: "CVE-2018-3079", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3079", }, { cve: "CVE-2018-3078", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3078", }, { cve: "CVE-2018-3077", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3077", }, { cve: "CVE-2018-3075", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3075", }, { cve: "CVE-2018-3074", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3074", }, { cve: "CVE-2018-3073", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3073", }, { cve: "CVE-2018-3071", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3071", }, { cve: "CVE-2018-3070", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3070", }, { cve: "CVE-2018-3067", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3067", }, { cve: "CVE-2018-3066", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3066", }, { cve: "CVE-2018-3065", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3065", }, { cve: "CVE-2018-3064", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3064", }, { cve: "CVE-2018-3063", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3063", }, { cve: "CVE-2018-3062", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3062", }, { cve: "CVE-2018-3061", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3061", }, { cve: "CVE-2018-3060", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3060", }, { cve: "CVE-2018-3058", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3058", }, { cve: "CVE-2018-3056", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3056", }, { cve: "CVE-2018-3054", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3054", }, { cve: "CVE-2018-2877", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2877", }, { cve: "CVE-2018-2846", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2846", }, { cve: "CVE-2018-2839", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2839", }, { cve: "CVE-2018-2819", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2819", }, { cve: "CVE-2018-2818", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2818", }, { cve: "CVE-2018-2817", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2817", }, { cve: "CVE-2018-2816", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2816", }, { cve: "CVE-2018-2813", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2813", }, { cve: "CVE-2018-2812", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2812", }, { cve: "CVE-2018-2810", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2810", }, { cve: "CVE-2018-2805", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2805", }, { cve: "CVE-2018-2787", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2787", }, { cve: "CVE-2018-2786", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2786", }, { cve: "CVE-2018-2784", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2784", }, { cve: "CVE-2018-2782", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2782", }, { cve: "CVE-2018-2781", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2781", }, { cve: "CVE-2018-2780", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2780", }, { cve: "CVE-2018-2779", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2779", }, { cve: "CVE-2018-2778", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2778", }, { cve: "CVE-2018-2777", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2777", }, { cve: "CVE-2018-2776", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2776", }, { cve: "CVE-2018-2775", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2775", }, { cve: "CVE-2018-2773", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2773", }, { cve: "CVE-2018-2771", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2771", }, { cve: "CVE-2018-2769", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2769", }, { cve: "CVE-2018-2766", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2766", }, { cve: "CVE-2018-2762", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2762", }, { cve: "CVE-2018-2761", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2761", }, { cve: "CVE-2018-2759", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2759", }, { cve: "CVE-2018-2758", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2758", }, { cve: "CVE-2018-2755", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2755", }, { cve: "CVE-2018-2598", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2598", }, { cve: "CVE-2018-1996", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1996", }, { cve: "CVE-2018-1926", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1926", }, { cve: "CVE-2018-1904", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1904", }, { cve: "CVE-2018-1902", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1902", }, { cve: "CVE-2018-1901", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1901", }, { cve: "CVE-2018-1798", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1798", }, { cve: "CVE-2018-1797", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1797", }, { cve: "CVE-2018-1794", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1794", }, { cve: "CVE-2018-1793", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1793", }, { cve: "CVE-2018-1777", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1777", }, { cve: "CVE-2018-1770", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1770", }, { cve: "CVE-2018-1767", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1767", }, { cve: "CVE-2018-1719", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1719", }, { cve: "CVE-2018-1695", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1695", }, { cve: "CVE-2018-1656", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1656", }, { cve: "CVE-2018-1643", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1643", }, { cve: "CVE-2018-1621", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1621", }, { cve: "CVE-2018-1614", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1614", }, { cve: "CVE-2018-1567", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1567", }, { cve: "CVE-2018-1447", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1447", }, { cve: "CVE-2018-1428", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1428", }, { cve: "CVE-2018-1427", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1427", }, { cve: "CVE-2018-1426", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1426", }, { cve: "CVE-2018-1301", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1301", }, { cve: "CVE-2018-12539", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-12539", }, { cve: "CVE-2018-10237", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-10237", }, { cve: "CVE-2018-0734", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-0734", }, { cve: "CVE-2018-0732", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-0732", }, { cve: "CVE-2017-9798", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2017-9798", }, { cve: "CVE-2017-3738", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2017-3738", }, { cve: "CVE-2017-3737", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2017-3737", }, { cve: "CVE-2017-3736", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2017-3736", }, { cve: "CVE-2017-3735", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2017-3735", }, { cve: "CVE-2017-3732", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2017-3732", }, { cve: "CVE-2017-1743", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2017-1743", }, { cve: "CVE-2017-1741", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2017-1741", }, { cve: "CVE-2017-1731", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2017-1731", }, { cve: "CVE-2017-1681", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2017-1681", }, { cve: "CVE-2017-15715", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2017-15715", }, { cve: "CVE-2017-15710", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2017-15710", }, { cve: "CVE-2017-12624", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2017-12624", }, { cve: "CVE-2017-12618", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2017-12618", }, { cve: "CVE-2017-12613", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2017-12613", }, { cve: "CVE-2016-0705", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2016-0705", }, { cve: "CVE-2016-0702", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2016-0702", }, { cve: "CVE-2016-0701", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2016-0701", }, { cve: "CVE-2015-0899", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2015-0899", }, { cve: "CVE-2014-7810", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2014-7810", }, { cve: "CVE-2012-5783", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2012-5783", }, ], }
WID-SEC-W-2023-1601
Vulnerability from csaf_certbund
Published
2013-08-08 22:00
Modified
2023-06-29 22:00
Summary
Red Hat JBoss Enterprise SOA Platform: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
JBoss Enterprise SOA Platform ist eine Infrastruktur zur Automatisierung von ESB und Businessprozessen.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise SOA Platform ausnutzen, um Sicherheitsvorkehrungen zu umgehen, um Informationen zu manipulieren oder um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "JBoss Enterprise SOA Platform ist eine Infrastruktur zur Automatisierung von ESB und Businessprozessen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise SOA Platform ausnutzen, um Sicherheitsvorkehrungen zu umgehen, um Informationen zu manipulieren oder um einen Denial of Service Angriff durchzuführen.", title: "Angriff", }, { category: "general", text: "- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1601 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2013/wid-sec-w-2023-1601.json", }, { category: "self", summary: "WID-SEC-2023-1601 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1601", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3954 vom 2023-06-29", url: "https://access.redhat.com/errata/RHSA-2023:3954", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2013:1147-1 vom 2013-08-08", url: "https://rhn.redhat.com/errata/RHSA-2013-1147.html", }, { category: "external", summary: "Debian Security Advisory DSA-2738-1 vom 2013-08-19", url: "http://www.debian.org/security/2013/dsa-2738", }, { category: "external", summary: "RedHat Security Advisory RHSA-2013-1185 vom 2013-08-29", url: "https://rhn.redhat.com/errata/RHSA-2013-1185.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2014:1834-1 vom 2014-11-10", url: "http://rhn.redhat.com/errata/RHSA-2014-1834.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2014:1833-1 vom 2014-11-10", url: "http://rhn.redhat.com/errata/RHSA-2014-1833.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2014:2019-1 vom 2014-12-18", url: "http://rhn.redhat.com/errata/RHSA-2014-2019.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2017:0868 vom 2017-04-04", url: "https://access.redhat.com/errata/RHSA-2017:0868", }, ], source_lang: "en-US", title: "Red Hat JBoss Enterprise SOA Platform: Mehrere Schwachstellen", tracking: { current_release_date: "2023-06-29T22:00:00.000+00:00", generator: { date: "2024-08-15T17:53:55.866+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1601", initial_release_date: "2013-08-08T22:00:00.000+00:00", revision_history: [ { date: "2013-08-08T22:00:00.000+00:00", number: "1", summary: "Initial Release", }, { date: "2013-08-08T22:00:00.000+00:00", number: "2", summary: "Version nicht vorhanden", }, { date: "2013-08-19T22:00:00.000+00:00", number: "3", summary: "New remediations available", }, { date: "2013-08-29T22:00:00.000+00:00", number: "4", summary: "New remediations available", }, { date: "2014-11-10T23:00:00.000+00:00", number: "5", summary: "New remediations available", }, { date: "2014-12-18T23:00:00.000+00:00", number: "6", summary: "New remediations available", }, { date: "2014-12-18T23:00:00.000+00:00", number: "7", summary: "Version nicht vorhanden", }, { date: "2017-04-03T22:00:00.000+00:00", number: "8", summary: "New remediations available", }, { date: "2023-06-29T22:00:00.000+00:00", number: "9", summary: "Neue Updates von Red Hat aufgenommen", }, ], status: "final", version: "9", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 6 EL5", product: { name: "Red Hat JBoss Enterprise Application Platform 6 EL5", product_id: "T001224", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:6:el5", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 6 EL6", product: { name: "Red Hat JBoss Enterprise Application Platform 6 EL6", product_id: "T001225", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:6:el6", }, }, }, ], category: "product_name", name: "JBoss Enterprise Application Platform", }, { category: "product_name", name: "Red Hat JBoss Enterprise SOA Platform 5.3.1", product: { name: "Red Hat JBoss Enterprise SOA Platform 5.3.1", product_id: "198379", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_soa_platform:5.3.1", }, }, }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2012-5783", notes: [ { category: "description", text: "Es besteht eine Schwachstelle bezüglich der Überprüfung von SSL Zertifikaten in der Jakarta Commons HttpClient Komponente. Diese Schwachstelle wird dadurch verursacht, dass betroffene Software den Hostnamen des Servers nicht mit dem Domainnamen aus dem Common Name (CN) oder \"SubjectAltName\" Feld des X.509 Zertifikates abgleicht. Ein entfernter, anonymer Angreifer kann diese Schwachstelle mittels eines man-in-the-middle Angriffs ausnutzen, um Sicherheitsfunktionen zu umgehen und um einen Benutzer zu täuschen, dass er sich auf einer vertrauten Internetseite befindet. Für die Ausnutzung dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "67646", "T001225", "T001224", "198379", ], }, release_date: "2013-08-08T22:00:00.000+00:00", title: "CVE-2012-5783", }, { cve: "CVE-2013-0269", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in \"JSON gem\" welches mit Red Hat JBoss SOA Platform. Diese Schwachstelle tritt während der Verarbeitung speziell manipulierter JSON Dokumente auf. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen SQL-Code zu injizieren, um einen Denial of Service herbeizuführen oder um Sicherheitsfunktionen zu umgehen.", }, ], product_status: { known_affected: [ "198379", ], }, release_date: "2013-08-08T22:00:00.000+00:00", title: "CVE-2013-0269", }, { cve: "CVE-2013-1821", notes: [ { category: "description", text: "In Ruby besteht eine Denial of Service Schwachstelle. Diese Schwachstelle befindet sich im REXML Parser und tritt während der Verarbeitung speziell manipulierter XML Dokumente auf. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Angriff durchzuführen. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss der Angreifer den Anwender dazu bringen eine manipulierte XML Datei zu öffnen.", }, ], product_status: { known_affected: [ "198379", ], }, release_date: "2013-08-08T22:00:00.000+00:00", title: "CVE-2013-1821", }, ], }
wid-sec-w-2023-1594
Vulnerability from csaf_certbund
Published
2023-06-28 22:00
Modified
2023-06-28 22:00
Summary
IBM Tivoli Network Manager: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM Tivoli Network Manager ist eine Netzanalysesoftware für das Management komplexer Netze. Diese Software erfasst und verteilt Layer-2- und Layer-3-Netzdaten.
Angriff
Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in IBM Tivoli Network Manager ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "IBM Tivoli Network Manager ist eine Netzanalysesoftware für das Management komplexer Netze. Diese Software erfasst und verteilt Layer-2- und Layer-3-Netzdaten.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in IBM Tivoli Network Manager ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows\n- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1594 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1594.json", }, { category: "self", summary: "WID-SEC-2023-1594 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1594", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/885316", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/884276", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/883428", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/883424", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/882926", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/882898", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/882888", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/880403", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/880401", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/880395", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/879855", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/879841", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/870546", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/870526", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/870508", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/870504", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/870500", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/870498", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/743933", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/739297", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/739271", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/739249", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/739247", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/739245", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/739243", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/738231", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/731931", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/730883", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/730871", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/730845", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/730835", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/730171", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/720307", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/720283", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/720265", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/718745", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/717345", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/717335", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/717327", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/717007", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/716573", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/712213", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/712199", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/570557", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/569765", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/569727", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/569717", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/305321", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/304091", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/304089", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/303663", }, { category: "external", summary: "IBM Security Advisory vom 2023-06-28", url: "https://www.ibm.com/support/pages/node/303657", }, ], source_lang: "en-US", title: "IBM Tivoli Network Manager: Mehrere Schwachstellen", tracking: { current_release_date: "2023-06-28T22:00:00.000+00:00", generator: { date: "2024-08-15T17:53:31.776+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1594", initial_release_date: "2023-06-28T22:00:00.000+00:00", revision_history: [ { date: "2023-06-28T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "IBM Tivoli Network Manager IP Edition < 3.9 Fix Pack 5", product: { name: "IBM Tivoli Network Manager IP Edition < 3.9 Fix Pack 5", product_id: "T028343", product_identification_helper: { cpe: "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9_fix_pack_5", }, }, }, { category: "product_name", name: "IBM Tivoli Network Manager IP Edition < 3.9", product: { name: "IBM Tivoli Network Manager IP Edition < 3.9", product_id: "T028344", product_identification_helper: { cpe: "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9", }, }, }, { category: "product_name", name: "IBM Tivoli Network Manager IP Edition < 4.1.1", product: { name: "IBM Tivoli Network Manager IP Edition < 4.1.1", product_id: "T028345", product_identification_helper: { cpe: "cpe:/a:ibm:tivoli_network_manager:ip_edition__4.1.1", }, }, }, { category: "product_name", name: "IBM Tivoli Network Manager IP Edition < 4.2", product: { name: "IBM Tivoli Network Manager IP Edition < 4.2", product_id: "T028346", product_identification_helper: { cpe: "cpe:/a:ibm:tivoli_network_manager:ip_edition__4.2", }, }, }, { category: "product_name", name: "IBM Tivoli Network Manager IP Edition < 3.9.0.4", product: { name: "IBM Tivoli Network Manager IP Edition < 3.9.0.4", product_id: "T028347", product_identification_helper: { cpe: "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9.0.4", }, }, }, { category: "product_name", name: "IBM Tivoli Network Manager IP Edition < 3.9.0.5", product: { name: "IBM Tivoli Network Manager IP Edition < 3.9.0.5", product_id: "T028348", product_identification_helper: { cpe: "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9.0.5", }, }, }, { category: "product_name", name: "IBM Tivoli Network Manager IP Edition < 3.9 Fix Pack 4", product: { name: "IBM Tivoli Network Manager IP Edition < 3.9 Fix Pack 4", product_id: "T028349", product_identification_helper: { cpe: "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9_fix_pack_4", }, }, }, ], category: "product_name", name: "Tivoli Network Manager", }, ], category: "vendor", name: "IBM", }, ], }, vulnerabilities: [ { cve: "CVE-2019-4046", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2019-4046", }, { cve: "CVE-2019-4030", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2019-4030", }, { cve: "CVE-2019-2684", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2019-2684", }, { cve: "CVE-2019-2602", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2019-2602", }, { cve: "CVE-2019-2537", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2019-2537", }, { cve: "CVE-2019-2534", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2019-2534", }, { cve: "CVE-2019-2531", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2019-2531", }, { cve: "CVE-2019-2529", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2019-2529", }, { cve: "CVE-2019-2503", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2019-2503", }, { cve: "CVE-2019-2482", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2019-2482", }, { cve: "CVE-2019-2481", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2019-2481", }, { cve: "CVE-2019-2455", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2019-2455", }, { cve: "CVE-2019-1559", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2019-1559", }, { cve: "CVE-2019-0220", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2019-0220", }, { cve: "CVE-2018-8039", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-8039", }, { cve: "CVE-2018-5407", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-5407", }, { cve: "CVE-2018-3282", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3282", }, { cve: "CVE-2018-3278", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3278", }, { cve: "CVE-2018-3276", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3276", }, { cve: "CVE-2018-3251", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3251", }, { cve: "CVE-2018-3247", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3247", }, { cve: "CVE-2018-3174", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3174", }, { cve: "CVE-2018-3156", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3156", }, { cve: "CVE-2018-3143", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3143", }, { cve: "CVE-2018-3123", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3123", }, { cve: "CVE-2018-3084", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3084", }, { cve: "CVE-2018-3082", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3082", }, { cve: "CVE-2018-3081", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3081", }, { cve: "CVE-2018-3080", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3080", }, { cve: "CVE-2018-3079", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3079", }, { cve: "CVE-2018-3078", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3078", }, { cve: "CVE-2018-3077", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3077", }, { cve: "CVE-2018-3075", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3075", }, { cve: "CVE-2018-3074", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3074", }, { cve: "CVE-2018-3073", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3073", }, { cve: "CVE-2018-3071", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3071", }, { cve: "CVE-2018-3070", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3070", }, { cve: "CVE-2018-3067", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3067", }, { cve: "CVE-2018-3066", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3066", }, { cve: "CVE-2018-3065", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3065", }, { cve: "CVE-2018-3064", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3064", }, { cve: "CVE-2018-3063", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3063", }, { cve: "CVE-2018-3062", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3062", }, { cve: "CVE-2018-3061", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3061", }, { cve: "CVE-2018-3060", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3060", }, { cve: "CVE-2018-3058", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3058", }, { cve: "CVE-2018-3056", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3056", }, { cve: "CVE-2018-3054", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-3054", }, { cve: "CVE-2018-2877", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2877", }, { cve: "CVE-2018-2846", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2846", }, { cve: "CVE-2018-2839", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2839", }, { cve: "CVE-2018-2819", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2819", }, { cve: "CVE-2018-2818", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2818", }, { cve: "CVE-2018-2817", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2817", }, { cve: "CVE-2018-2816", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2816", }, { cve: "CVE-2018-2813", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2813", }, { cve: "CVE-2018-2812", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2812", }, { cve: "CVE-2018-2810", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2810", }, { cve: "CVE-2018-2805", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2805", }, { cve: "CVE-2018-2787", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2787", }, { cve: "CVE-2018-2786", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2786", }, { cve: "CVE-2018-2784", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2784", }, { cve: "CVE-2018-2782", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2782", }, { cve: "CVE-2018-2781", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2781", }, { cve: "CVE-2018-2780", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2780", }, { cve: "CVE-2018-2779", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2779", }, { cve: "CVE-2018-2778", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2778", }, { cve: "CVE-2018-2777", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2777", }, { cve: "CVE-2018-2776", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2776", }, { cve: "CVE-2018-2775", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2775", }, { cve: "CVE-2018-2773", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2773", }, { cve: "CVE-2018-2771", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2771", }, { cve: "CVE-2018-2769", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2769", }, { cve: "CVE-2018-2766", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2766", }, { cve: "CVE-2018-2762", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2762", }, { cve: "CVE-2018-2761", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2761", }, { cve: "CVE-2018-2759", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2759", }, { cve: "CVE-2018-2758", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2758", }, { cve: "CVE-2018-2755", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2755", }, { cve: "CVE-2018-2598", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-2598", }, { cve: "CVE-2018-1996", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1996", }, { cve: "CVE-2018-1926", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1926", }, { cve: "CVE-2018-1904", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1904", }, { cve: "CVE-2018-1902", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1902", }, { cve: "CVE-2018-1901", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1901", }, { cve: "CVE-2018-1798", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1798", }, { cve: "CVE-2018-1797", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1797", }, { cve: "CVE-2018-1794", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1794", }, { cve: "CVE-2018-1793", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1793", }, { cve: "CVE-2018-1777", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1777", }, { cve: "CVE-2018-1770", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1770", }, { cve: "CVE-2018-1767", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1767", }, { cve: "CVE-2018-1719", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1719", }, { cve: "CVE-2018-1695", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1695", }, { cve: "CVE-2018-1656", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1656", }, { cve: "CVE-2018-1643", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1643", }, { cve: "CVE-2018-1621", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1621", }, { cve: "CVE-2018-1614", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1614", }, { cve: "CVE-2018-1567", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1567", }, { cve: "CVE-2018-1447", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1447", }, { cve: "CVE-2018-1428", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1428", }, { cve: "CVE-2018-1427", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1427", }, { cve: "CVE-2018-1426", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1426", }, { cve: "CVE-2018-1301", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-1301", }, { cve: "CVE-2018-12539", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-12539", }, { cve: "CVE-2018-10237", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-10237", }, { cve: "CVE-2018-0734", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-0734", }, { cve: "CVE-2018-0732", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2018-0732", }, { cve: "CVE-2017-9798", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2017-9798", }, { cve: "CVE-2017-3738", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2017-3738", }, { cve: "CVE-2017-3737", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2017-3737", }, { cve: "CVE-2017-3736", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2017-3736", }, { cve: "CVE-2017-3735", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2017-3735", }, { cve: "CVE-2017-3732", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2017-3732", }, { cve: "CVE-2017-1743", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2017-1743", }, { cve: "CVE-2017-1741", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2017-1741", }, { cve: "CVE-2017-1731", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2017-1731", }, { cve: "CVE-2017-1681", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2017-1681", }, { cve: "CVE-2017-15715", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2017-15715", }, { cve: "CVE-2017-15710", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2017-15710", }, { cve: "CVE-2017-12624", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2017-12624", }, { cve: "CVE-2017-12618", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2017-12618", }, { cve: "CVE-2017-12613", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2017-12613", }, { cve: "CVE-2016-0705", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2016-0705", }, { cve: "CVE-2016-0702", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2016-0702", }, { cve: "CVE-2016-0701", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2016-0701", }, { cve: "CVE-2015-0899", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2015-0899", }, { cve: "CVE-2014-7810", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2014-7810", }, { cve: "CVE-2012-5783", notes: [ { category: "description", text: "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.", }, ], release_date: "2023-06-28T22:00:00.000+00:00", title: "CVE-2012-5783", }, ], }
wid-sec-w-2023-1601
Vulnerability from csaf_certbund
Published
2013-08-08 22:00
Modified
2023-06-29 22:00
Summary
Red Hat JBoss Enterprise SOA Platform: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
JBoss Enterprise SOA Platform ist eine Infrastruktur zur Automatisierung von ESB und Businessprozessen.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise SOA Platform ausnutzen, um Sicherheitsvorkehrungen zu umgehen, um Informationen zu manipulieren oder um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "JBoss Enterprise SOA Platform ist eine Infrastruktur zur Automatisierung von ESB und Businessprozessen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise SOA Platform ausnutzen, um Sicherheitsvorkehrungen zu umgehen, um Informationen zu manipulieren oder um einen Denial of Service Angriff durchzuführen.", title: "Angriff", }, { category: "general", text: "- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1601 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2013/wid-sec-w-2023-1601.json", }, { category: "self", summary: "WID-SEC-2023-1601 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1601", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3954 vom 2023-06-29", url: "https://access.redhat.com/errata/RHSA-2023:3954", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2013:1147-1 vom 2013-08-08", url: "https://rhn.redhat.com/errata/RHSA-2013-1147.html", }, { category: "external", summary: "Debian Security Advisory DSA-2738-1 vom 2013-08-19", url: "http://www.debian.org/security/2013/dsa-2738", }, { category: "external", summary: "RedHat Security Advisory RHSA-2013-1185 vom 2013-08-29", url: "https://rhn.redhat.com/errata/RHSA-2013-1185.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2014:1834-1 vom 2014-11-10", url: "http://rhn.redhat.com/errata/RHSA-2014-1834.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2014:1833-1 vom 2014-11-10", url: "http://rhn.redhat.com/errata/RHSA-2014-1833.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2014:2019-1 vom 2014-12-18", url: "http://rhn.redhat.com/errata/RHSA-2014-2019.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2017:0868 vom 2017-04-04", url: "https://access.redhat.com/errata/RHSA-2017:0868", }, ], source_lang: "en-US", title: "Red Hat JBoss Enterprise SOA Platform: Mehrere Schwachstellen", tracking: { current_release_date: "2023-06-29T22:00:00.000+00:00", generator: { date: "2024-08-15T17:53:55.866+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1601", initial_release_date: "2013-08-08T22:00:00.000+00:00", revision_history: [ { date: "2013-08-08T22:00:00.000+00:00", number: "1", summary: "Initial Release", }, { date: "2013-08-08T22:00:00.000+00:00", number: "2", summary: "Version nicht vorhanden", }, { date: "2013-08-19T22:00:00.000+00:00", number: "3", summary: "New remediations available", }, { date: "2013-08-29T22:00:00.000+00:00", number: "4", summary: "New remediations available", }, { date: "2014-11-10T23:00:00.000+00:00", number: "5", summary: "New remediations available", }, { date: "2014-12-18T23:00:00.000+00:00", number: "6", summary: "New remediations available", }, { date: "2014-12-18T23:00:00.000+00:00", number: "7", summary: "Version nicht vorhanden", }, { date: "2017-04-03T22:00:00.000+00:00", number: "8", summary: "New remediations available", }, { date: "2023-06-29T22:00:00.000+00:00", number: "9", summary: "Neue Updates von Red Hat aufgenommen", }, ], status: "final", version: "9", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 6 EL5", product: { name: "Red Hat JBoss Enterprise Application Platform 6 EL5", product_id: "T001224", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:6:el5", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 6 EL6", product: { name: "Red Hat JBoss Enterprise Application Platform 6 EL6", product_id: "T001225", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:6:el6", }, }, }, ], category: "product_name", name: "JBoss Enterprise Application Platform", }, { category: "product_name", name: "Red Hat JBoss Enterprise SOA Platform 5.3.1", product: { name: "Red Hat JBoss Enterprise SOA Platform 5.3.1", product_id: "198379", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_soa_platform:5.3.1", }, }, }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2012-5783", notes: [ { category: "description", text: "Es besteht eine Schwachstelle bezüglich der Überprüfung von SSL Zertifikaten in der Jakarta Commons HttpClient Komponente. Diese Schwachstelle wird dadurch verursacht, dass betroffene Software den Hostnamen des Servers nicht mit dem Domainnamen aus dem Common Name (CN) oder \"SubjectAltName\" Feld des X.509 Zertifikates abgleicht. Ein entfernter, anonymer Angreifer kann diese Schwachstelle mittels eines man-in-the-middle Angriffs ausnutzen, um Sicherheitsfunktionen zu umgehen und um einen Benutzer zu täuschen, dass er sich auf einer vertrauten Internetseite befindet. Für die Ausnutzung dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "67646", "T001225", "T001224", "198379", ], }, release_date: "2013-08-08T22:00:00.000+00:00", title: "CVE-2012-5783", }, { cve: "CVE-2013-0269", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in \"JSON gem\" welches mit Red Hat JBoss SOA Platform. Diese Schwachstelle tritt während der Verarbeitung speziell manipulierter JSON Dokumente auf. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen SQL-Code zu injizieren, um einen Denial of Service herbeizuführen oder um Sicherheitsfunktionen zu umgehen.", }, ], product_status: { known_affected: [ "198379", ], }, release_date: "2013-08-08T22:00:00.000+00:00", title: "CVE-2013-0269", }, { cve: "CVE-2013-1821", notes: [ { category: "description", text: "In Ruby besteht eine Denial of Service Schwachstelle. Diese Schwachstelle befindet sich im REXML Parser und tritt während der Verarbeitung speziell manipulierter XML Dokumente auf. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Angriff durchzuführen. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss der Angreifer den Anwender dazu bringen eine manipulierte XML Datei zu öffnen.", }, ], product_status: { known_affected: [ "198379", ], }, release_date: "2013-08-08T22:00:00.000+00:00", title: "CVE-2013-1821", }, ], }
fkie_cve-2012-5783
Vulnerability from fkie_nvd
Published
2012-11-04 22:55
Modified
2024-11-21 01:45
Severity ?
Summary
Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | httpclient | 3.1 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 15.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:httpclient:3.1:*:*:*:*:*:*:*", matchCriteriaId: "7849CBEF-9C6F-4E3E-A2CA-BA817EC1E1C6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", matchCriteriaId: "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", matchCriteriaId: "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", }, { lang: "es", value: "Apache Commons HttpClient v3.x, tal y como se utiliza en el Java SDK de Amazon Flexible Payments Service(FPS) y otros productos, no comprueba si el nombre del servidor coincide con un nombre de dominio en el nombre común (CN) del sujeto o con el campo subjectAltName del certificado X.509, lo que permite falsificar servidores SSL a atacantes man-in-the-middle mediante un certificado válido de su elección.\r\n", }, ], id: "CVE-2012-5783", lastModified: "2024-11-21T01:45:12.763", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-11-04T22:55:03.297", references: [ { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-updates/2013-02/msg00078.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00040.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00041.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00053.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0270.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0679.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0680.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0681.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0682.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1147.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1853.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0224.html", }, { source: "cve@mitre.org", tags: [ "Technical Description", "Third Party Advisory", ], url: "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/58073", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2769-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:0868", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/79984", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://issues.apache.org/jira/browse/HTTPCLIENT-1265", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-updates/2013-02/msg00078.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00041.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00053.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0270.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0679.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0680.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0681.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0682.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1147.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1853.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0224.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", "Third Party Advisory", ], url: "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/58073", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2769-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:0868", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/79984", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://issues.apache.org/jira/browse/HTTPCLIENT-1265", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
gsd-2012-5783
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Aliases
Aliases
{ GSD: { alias: "CVE-2012-5783", description: "Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", id: "GSD-2012-5783", references: [ "https://www.suse.com/security/cve/CVE-2012-5783.html", "https://access.redhat.com/errata/RHSA-2017:0868", "https://access.redhat.com/errata/RHSA-2014:0224", "https://access.redhat.com/errata/RHSA-2013:1853", "https://access.redhat.com/errata/RHSA-2013:1147", "https://access.redhat.com/errata/RHSA-2013:1006", "https://access.redhat.com/errata/RHSA-2013:0763", "https://access.redhat.com/errata/RHSA-2013:0682", "https://access.redhat.com/errata/RHSA-2013:0681", "https://access.redhat.com/errata/RHSA-2013:0680", "https://access.redhat.com/errata/RHSA-2013:0679", "https://access.redhat.com/errata/RHSA-2013:0270", "https://ubuntu.com/security/CVE-2012-5783", "https://advisories.mageia.org/CVE-2012-5783.html", "https://alas.aws.amazon.com/cve/html/CVE-2012-5783.html", "https://linux.oracle.com/cve/CVE-2012-5783.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2012-5783", ], details: "Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", id: "GSD-2012-5783", modified: "2023-12-13T01:20:19.941337Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2012-5783", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2013:0681", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-0681.html", }, { name: "https://issues.apache.org/jira/browse/HTTPCLIENT-1265", refsource: "CONFIRM", url: "https://issues.apache.org/jira/browse/HTTPCLIENT-1265", }, { name: "openSUSE-SU-2013:0622", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00040.html", }, { name: "RHSA-2013:0680", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-0680.html", }, { name: "RHSA-2017:0868", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:0868", }, { name: "openSUSE-SU-2013:0354", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-02/msg00078.html", }, { name: "58073", refsource: "BID", url: "http://www.securityfocus.com/bid/58073", }, { name: "apache-commons-ssl-spoofing(79984)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/79984", }, { name: "RHSA-2013:0270", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-0270.html", }, { name: "RHSA-2013:0682", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-0682.html", }, { name: "openSUSE-SU-2013:0638", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00053.html", }, { name: "openSUSE-SU-2013:0623", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00041.html", }, { name: "RHSA-2013:1853", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1853.html", }, { name: "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", refsource: "MISC", url: "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", }, { name: "RHSA-2013:0679", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-0679.html", }, { name: "RHSA-2013:1147", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1147.html", }, { name: "USN-2769-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2769-1", }, { name: "RHSA-2014:0224", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-0224.html", }, ], }, }, "gitlab.com": { advisories: [ { affected_range: "[3.0,4.0)", affected_versions: "All versions starting from 3.0 before 4.0.", cvss_v2: "AV:N/AC:M/Au:N/C:P/I:P/A:N", cwe_ids: [ "CWE-1035", "CWE-295", "CWE-937", ], date: "2018-01-04", description: "Apache Commons HttpClient as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", fixed_versions: [], identifier: "CVE-2012-5783", identifiers: [ "CVE-2012-5783", ], package_slug: "maven/commons-httpclient/commons-httpclient", pubdate: "2012-11-04", solution: "Unfortunately, there is no solution available yet.", title: "Improper Input Validation", urls: [ "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", "https://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-client-bugs.html", "http://www.sigsac.org/ccs/CCS2012/techprogram.shtml", ], uuid: "c0a8d679-9d66-429f-a602-028be2dfc141", }, { affected_range: "[3.0,4.0)", affected_versions: "All versions starting from 3.0 before 4.0", cvss_v2: "AV:N/AC:M/Au:N/C:P/I:P/A:N", cwe_ids: [ "CWE-1035", "CWE-295", "CWE-937", ], date: "2022-07-13", description: "Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", fixed_versions: [ "4.0", ], identifier: "CVE-2012-5783", identifiers: [ "GHSA-3832-9276-x7gf", "CVE-2012-5783", ], not_impacted: "All versions before 3.0, all versions starting from 4.0", package_slug: "maven/org.apache.httpcomponents/httpclient", pubdate: "2022-05-13", solution: "Upgrade to version 4.0 or above.", title: "Improper Certificate Validation", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2012-5783", "https://access.redhat.com/errata/RHSA-2017:0868", "https://exchange.xforce.ibmcloud.com/vulnerabilities/79984", "https://issues.apache.org/jira/browse/HTTPCLIENT-1265", "http://lists.opensuse.org/opensuse-updates/2013-02/msg00078.html", "http://lists.opensuse.org/opensuse-updates/2013-04/msg00040.html", "http://lists.opensuse.org/opensuse-updates/2013-04/msg00041.html", "http://lists.opensuse.org/opensuse-updates/2013-04/msg00053.html", "http://rhn.redhat.com/errata/RHSA-2013-0270.html", "http://rhn.redhat.com/errata/RHSA-2013-0679.html", "http://rhn.redhat.com/errata/RHSA-2013-0680.html", "http://rhn.redhat.com/errata/RHSA-2013-0682.html", "http://rhn.redhat.com/errata/RHSA-2013-1853.html", "http://rhn.redhat.com/errata/RHSA-2014-0224.html", "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", "http://www.ubuntu.com/usn/USN-2769-1", "https://github.com/advisories/GHSA-3832-9276-x7gf", ], uuid: "202a6d24-31cd-4e67-ba3d-1afb869d462a", }, ], }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:apache:httpclient:3.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2012-5783", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-295", }, ], }, ], }, references: { reference_data: [ { name: "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", refsource: "MISC", tags: [ "Technical Description", "Third Party Advisory", ], url: "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", }, { name: "RHSA-2013:0270", refsource: "REDHAT", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0270.html", }, { name: "openSUSE-SU-2013:0354", refsource: "SUSE", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-updates/2013-02/msg00078.html", }, { name: "RHSA-2013:0681", refsource: "REDHAT", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0681.html", }, { name: "RHSA-2013:0679", refsource: "REDHAT", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0679.html", }, { name: "openSUSE-SU-2013:0622", refsource: "SUSE", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00040.html", }, { name: "openSUSE-SU-2013:0638", refsource: "SUSE", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00053.html", }, { name: "RHSA-2013:0680", refsource: "REDHAT", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0680.html", }, { name: "RHSA-2013:0682", refsource: "REDHAT", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0682.html", }, { name: "openSUSE-SU-2013:0623", refsource: "SUSE", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00041.html", }, { name: "RHSA-2013:1147", refsource: "REDHAT", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1147.html", }, { name: "RHSA-2013:1853", refsource: "REDHAT", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1853.html", }, { name: "RHSA-2014:0224", refsource: "REDHAT", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0224.html", }, { name: "USN-2769-1", refsource: "UBUNTU", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2769-1", }, { name: "58073", refsource: "BID", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/58073", }, { name: "apache-commons-ssl-spoofing(79984)", refsource: "XF", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/79984", }, { name: "https://issues.apache.org/jira/browse/HTTPCLIENT-1265", refsource: "CONFIRM", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://issues.apache.org/jira/browse/HTTPCLIENT-1265", }, { name: "RHSA-2017:0868", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:0868", }, ], }, }, impact: { baseMetricV2: { cvssV2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: false, }, }, lastModifiedDate: "2021-04-23T17:28Z", publishedDate: "2012-11-04T22:55Z", }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.